[#1079] - bugfix: make sure form resubmit cookie is secure #1078

Merged (1 commit) on Sep 21, 2023

lprimak (Contributor) commented Sep 21, 2023

fixes #1079

Follow this checklist to help us incorporate your contribution quickly and easily:

  • Make sure there is a GitHub issue filed for the change (usually before you start working on it). Trivial changes like typos do not require a GitHub issue. Your pull request should address just this issue, without pulling in other changes.
  • Each commit in the pull request should have a meaningful subject line and body.
  • Format the pull request title like [#XXX] - Fixes bug in SessionManager, where you replace #XXX with the appropriate GitHub issue. Best practice is to use the GitHub issue title in the pull request title and in the first line of the commit message.
  • Write a pull request description that is detailed enough to understand what the pull request does, how, and why.
  • Add fixes #XXX if merging the PR should close a related issue.
  • Run mvn verify to make sure basic checks pass. A more thorough check will be performed on your pull request automatically.
  • If you have a group of commits related to the same change, please squash your commits into one and force push your branch using git rebase -i.
  • Committers: Make sure a milestone is set on the PR

Trivial changes like typos do not require a GitHub issue (javadoc, comments...).
In this case, just format the pull request title like [DOC] - Add javadoc in SessionManager.

If this is your first contribution, you have to read the Contribution Guidelines.

If your pull request is about ~20 lines of code, you don't need to sign an Individual Contributor License Agreement. If you are unsure, please ask on the developers list.

To make clear that you license your contribution under the Apache License Version 2.0, January 2004, you have to acknowledge this by using the following check-box.

@lprimak changed the title from "bugfix: make sure form resubmit cookie is secure" to "[#1079] - bugfix: make sure form resubmit cookie is secure" Sep 21, 2023
@lprimak added this to the 2.0 milestone Sep 21, 2023
@lprimak added the java (Pull requests that update Java code) and jakartaee (Jakarta EE) labels Sep 21, 2023
@lprimak self-assigned this Sep 21, 2023
@lprimak marked this pull request as draft September 21, 2023 18:30

lprimak (Contributor, Author) commented Sep 21, 2023

TODO: add configuration parameter for secure cookies to web.xml

…rnals

enh: added org.apache.shiro.form-resubmit.secure-cookies configuration parameter into web.xml
bugfix: made org.apache.shiro.form-resubmit.disabled configuration parameter work in web.xml
@lprimak marked this pull request as ready for review September 21, 2023 21:41
@lprimak merged commit fe2ccc0 into apache:main Sep 21, 2023
23 checks passed
@lprimak deleted the cookie-secure-flag branch September 21, 2023 22:22
Labels: jakartaee (Jakarta EE), java (Pull requests that update Java code)

Successfully merging this pull request may close these issues.

Fix code scanning alert - Failure to use secure cookies