[MYFACES-3639] The flash scope cookie is not HttpOnly - ASF JIRA

Attach files

Attach Screenshot

Voters

Watch issue

Watchers

Create sub-task

Link

Clone

Update Comment Author

Replace String in Comment

Update Comment Visibility

Delete Comments

XML

Word

Printable

JSON

Details

Type: Improvement
Status: Closed
Priority: Minor
Resolution: Fixed
Affects Version/s: 2.1.9
Fix Version/s: 2.2.4
Component/s: General
Labels:
None

Description

The oam.Flash.RENDERMAP.TOKEN cookie does not have the HttpOnly flag set. Many security policies require that cookies have HttpOnly set if possible.

Attachments

MyFaces-3639Pathv2.1.patch
17/May/13 01:25
0.6 kB
Paul Nicolucci
MyFaces-3639Pathv2.0.patch
17/May/13 01:25
0.6 kB
Paul Nicolucci

Issue Links

Add Link

is related to

MYFACES-3005 Only send Flash cookie if needed

Closed

Delete this link

Activity

Comment

This comment will be Viewable by All Users Viewable by All Users

Cancel

People

Assignee:: Leonardo Uribe

Reporter:: David Gadbois

Votes:: 1 Vote for this issue

Watchers:: 4 Start watching this issue

Dates

Created:: 13/Nov/12 18:19

Updated:: 22/Sep/14 15:33

Resolved:: 12/May/14 11:59

Agile

View on Board

The flash scope cookie is not HttpOnly

Details

Description

Attachments

Attachments

Issue Links

Activity

People

Dates

Agile

Slack

Issue deployment