commit | c0e2ab6575f2d2cb88f9cfea98af041e88c8f02d | [log] [tgz] |
---|---|---|
author | Vipin Rathor <v.rathor@gmail.com> | Fri Aug 25 00:26:05 2017 -0700 |
committer | Lee moon soo <moon@apache.org> | Thu Sep 28 21:38:47 2017 -0700 |
tree | 492987713c8f7b18f8c329e330daa21b3894281d | |
parent | 75df4aacca0907d251b06da87d9a49920683e48b [diff] |
[MINOR] Updated shiro.ini.template to include secure cookie option ### What is this PR for? Based on discussion in https://github.com/apache/zeppelin/pull/2545 , I'm updating the shiro.ini.template to include secure cookie option. With this change, Zeppelin Shiro will always set 'HttpOnly' flag in cookie. This will help to prevent majority of cross-site scripting (XSS) attacks. ### What type of PR is it? Minor Improvement ### What is the Jira issue? Minor change in shiro.ini ### How should this be tested? CI tests should pass ### Questions: * Does the licenses files need update? No * Is there breaking changes for older versions? No * Does this needs documentation? Doc changes already done in https://github.com/apache/zeppelin/pull/2545 Author: Vipin Rathor <v.rathor@gmail.com> Closes #2550 from VipinRathor/fix-shiro-template and squashes the following commits: 6339243 [Vipin Rathor] Commenting out secure flag for Zeppelin cookies in shiro.ini.template Added description as well. 1da09cf [Vipin Rathor] [MINOR] Updated shiro.init.template to include secure cookie option (cherry picked from commit 2437c8029c1f84460932ec65833ada356c3fc461) Signed-off-by: Lee moon soo <moon@apache.org>
Documentation: User Guide
Mailing Lists: User and Dev mailing list
Continuous Integration:
Contributing: Contribution Guide
Issue Tracker: Jira
License: Apache 2.0
Zeppelin, a web-based notebook that enables interactive data analytics. You can make beautiful data-driven, interactive and collaborative documents with SQL, Scala and more.
Core feature:
To know more about Zeppelin, visit our web site http://zeppelin.apache.org
Please go to install to install Apache Zeppelin from binary package.
Please check Build from source to build Zeppelin from source.