commit | 05bce0d3e6dd31e8a26800d390f0fbce344960f9 | [log] [tgz] |
---|---|---|
author | Colm O hEigeartaigh <coheigea@apache.org> | Mon Apr 20 10:42:42 2020 +0100 |
committer | Colm O hEigeartaigh <coheigea@apache.org> | Mon Apr 20 10:42:42 2020 +0100 |
tree | 3d900498cfbea0f13be739d100f8f07556eec168 | |
parent | faf0adb90a5c45d56aecd60058c5733d167865d4 [diff] |
Set HttpOnly for the realm Cookie
diff --git a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/util/WebUtils.java b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/util/WebUtils.java
index a1da71a..06637bd 100644
--- a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/util/WebUtils.java
+++ b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/util/WebUtils.java
@@ -191,6 +191,7 @@
 Cookie cookie = new Cookie(cookieName, cookieValue);
 cookie.setSecure(true);
 cookie.setMaxAge(-1);
+ cookie.setHttpOnly(true);
 cookie.setPath("/fediz-idp");
 httpServletResponse.addCookie(cookie);
 }
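Review bot: With `cookie.setHttpOnly(true)` now next to `cookie.setSecure(true)`, SameSite is the one common cookie attribute this call site still leaves unset, and nothing here records that. Assuming this is the servlet API from before 6.0, `Cookie` has no setter for it, so it would have to come from the container's cookie configuration or a hand-written `Set-Cookie` header. `Lax` is probably the strictest value that still survives the cross-site redirects an IdP receives, but that should be checked against the sign-in flows before it is relied on. I would add a comment above the setters such as `// Session-lifetime, HTTPS-only, hidden from script; SameSite is not set here`. The enclosing method starts outside the hunk, so how `cookieValue` is produced and later read back cannot be checked from this page.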