diff --git a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-common/src/main/java/org/apache/hadoop/yarn/webapp/Dispatcher.java b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-common/src/main/java/org/apache/hadoop/yarn/webapp/Dispatcher.java index d519dbb4c0d..4d54b6a823b 100644 --- a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-common/src/main/java/org/apache/hadoop/yarn/webapp/Dispatcher.java +++ b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-common/src/main/java/org/apache/hadoop/yarn/webapp/Dispatcher.java @@ -179,10 +179,10 @@ public static void redirectToErrorPage(HttpServletResponse res, Throwable e, String st = devMode ? ErrorPage.toStackTrace(e, 1024 * 3) // spec: min 4KB : "See logs for stack trace"; res.setStatus(res.SC_FOUND); - Cookie cookie = new Cookie(STATUS_COOKIE, String.valueOf(500)); + Cookie cookie = createCookie(STATUS_COOKIE, String.valueOf(500)); cookie.setPath(path); res.addCookie(cookie); - cookie = new Cookie(ERROR_COOKIE, st); + cookie = createCookie(ERROR_COOKIE, st); cookie.setPath(path); res.addCookie(cookie); res.setHeader("Location", path); @@ -196,7 +196,7 @@ public static void removeErrorCookies(HttpServletResponse res, String path) { public static void removeCookie(HttpServletResponse res, String name, String path) { LOG.debug("removing cookie {} on {}", name, path); - Cookie c = new Cookie(name, ""); + Cookie c = createCookie(name, ""); c.setMaxAge(0); c.setPath(path); res.addCookie(c); @@ -249,4 +249,10 @@ private void prepareToExit() { } }, 18); // enough time for the last local request to complete } + + private static Cookie createCookie(String name, String val) { + Cookie cookie = new Cookie(name, val); + cookie.setHttpOnly(true); + return cookie; + } } 
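Review bot: Every `createCookie(...)` call in this file is followed at once by `setPath(path)`: twice here in redirectToErrorPage and again in removeCookie in the next hunk. The path could therefore be a helper parameter, `createCookie(name, val, path)`, with `cookie.setPath(path);` set inside the helper next to `setHttpOnly(true)`. That keeps the cookie attributes in one place, so a later call site cannot set one and forget the other. redirectToErrorPage begins and ends outside this hunk, so any other cookie handling in it is not visible here.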
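Review bot: `createCookie` sets HttpOnly but leaves the Secure attribute unset, so when the web app is served over HTTPS the status and error cookies can still travel on a plain-HTTP request to the same host. In devMode the error cookie carries a stack trace. The helper receives neither a request nor a configuration value, so it has nothing to base that decision on; one option is an extra boolean parameter and `cookie.setSecure(secure);`, supplied by the callers. Whether the call sites have the request scheme or an HTTPS policy setting in reach is not visible in this diff. The same gap applies to `makeCheckCookie` in WebAppProxyServlet.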
diff --git a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-web-proxy/src/main/java/org/apache/hadoop/yarn/server/webproxy/WebAppProxyServlet.java b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-web-proxy/src/main/java/org/apache/hadoop/yarn/server/webproxy/WebAppProxyServlet.java index f21ff2c37df..8b6bdf97b12 100644 --- a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-web-proxy/src/main/java/org/apache/hadoop/yarn/server/webproxy/WebAppProxyServlet.java +++ b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-web-proxy/src/main/java/org/apache/hadoop/yarn/server/webproxy/WebAppProxyServlet.java @@ -271,6 +271,7 @@ private static String getCheckCookieName(ApplicationId id){ private static Cookie makeCheckCookie(ApplicationId id, boolean isSet) { Cookie c = new Cookie(getCheckCookieName(id),String.valueOf(isSet)); + c.setHttpOnly(true); c.setPath(ProxyUriUtils.getPath(id)); c.setMaxAge(60 * 60 * 2); //2 hours in seconds return c;
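Review bot: The added `c.setHttpOnly(true);` in makeCheckCookie has no comment saying why the flag is safe here, and the hunk does not show whether any page script was expected to read the check cookie. If the cookie is only consulted by the servlet on later requests, a line such as `// HttpOnly: the check cookie is read only by this servlet, never by page script` would record that. Confirm that no proxied UI depends on reading it through `document.cookie`, since HttpOnly would hide it there.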