tapestry-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "ASF subversion and git services (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (TAP5-2327) The Cookies interface should provide an option to mark cookies as httpOnly
Date Tue, 19 Apr 2016 10:50:25 GMT

    [ https://issues.apache.org/jira/browse/TAP5-2327?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15247539#comment-15247539
] 

ASF subversion and git services commented on TAP5-2327:
-------------------------------------------------------

Commit 62f33e3dc8b93176b285eb6350ad239c15ef6ace in tapestry-5's branch refs/heads/master from
[~jkemnade]
[ https://git-wip-us.apache.org/repos/asf?p=tapestry-5.git;h=62f33e3 ]

TAP5-2327: upgrade to servlet-api 3.0.1


> The Cookies interface should provide an option to mark cookies as httpOnly
> --------------------------------------------------------------------------
>
>                 Key: TAP5-2327
>                 URL: https://issues.apache.org/jira/browse/TAP5-2327
>             Project: Tapestry 5
>          Issue Type: New Feature
>          Components: tapestry-core
>    Affects Versions: 5.3.7, 5.4
>            Reporter: Martin Schneider
>              Labels: desired_for_5.5
>         Attachments: 0001-TAP-2327-add-httpOnly-method-to-support-Servlet-3.0.patch,
0002-TAP-2327-add-support-for-version-and-comment.patch
>
>
> Since Servlet 3.0 there is an option to mark cookies as httpOnly via javax.servlet.http.Cookie.setHttpOnly(boolean).
There should be an option to use that in org.apache.tapestry5.services.Cookies. In 5.3.7 the
default implementation does not set the httpOnly flag.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message