YARN-8868. Set HTTPOnly attribute to Cookie. Contributed by Chandni Singh.

Sunil G 2018-10-18 15:22:50 +05:30
parent 3ed7163302
commit 2202e00ba8
2 changed files with 10 additions and 3 deletions


@ -179,10 +179,10 @@ public static void redirectToErrorPage(HttpServletResponse res, Throwable e,
String st = devMode ? ErrorPage.toStackTrace(e, 1024 * 3) // spec: min 4KB
: "See logs for stack trace";
res.setStatus(res.SC_FOUND);
Cookie cookie = new Cookie(STATUS_COOKIE, String.valueOf(500));
Cookie cookie = createCookie(STATUS_COOKIE, String.valueOf(500));
cookie.setPath(path);
res.addCookie(cookie);
cookie = new Cookie(ERROR_COOKIE, st);
cookie = createCookie(ERROR_COOKIE, st);
cookie.setPath(path);
res.addCookie(cookie);
res.setHeader("Location", path);
@ -196,7 +196,7 @@ public static void removeErrorCookies(HttpServletResponse res, String path) {
public static void removeCookie(HttpServletResponse res, String name,
String path) {
LOG.debug("removing cookie {} on {}", name, path);
Cookie c = new Cookie(name, "");
Cookie c = createCookie(name, "");
c.setMaxAge(0);
c.setPath(path);
res.addCookie(c);
@ -249,4 +249,10 @@ private void prepareToExit() {
}
}, 18); // enough time for the last local request to complete
}
private static Cookie createCookie(String name, String val) {
Cookie cookie = new Cookie(name, val);
cookie.setHttpOnly(true);
return cookie;
}
}
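Review bot: createCookie, added at the end of the class in the last hunk of this file, sets HttpOnly but leaves Secure unset, so where the UI is served over HTTPS the status and error cookies (the latter carries a stack trace in devMode) may still be sent on a plain-HTTP request to the same host. Whether a request object is in scope at the call sites cannot be seen here, since redirectToErrorPage's parameter list continues outside the hunk, so at minimum give the helper a Javadoc such as `/** Creates a cookie with HttpOnly set; callers set path and max-age. Secure is not set here. */`. If the servlet request is available to the callers, a line like `cookie.setSecure(req.isSecure());` after `cookie.setPath(path);` would close the gap. The same applies to makeCheckCookie in the second file, which sets HttpOnly inline rather than through a shared helper.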


@ -322,6 +322,7 @@ private static String getCheckCookieName(ApplicationId id){
private static Cookie makeCheckCookie(ApplicationId id, boolean isSet) {
Cookie c = new Cookie(getCheckCookieName(id),String.valueOf(isSet));
c.setHttpOnly(true);
c.setPath(ProxyUriUtils.getPath(id));
c.setMaxAge(60 * 60 * 2); //2 hours in seconds
return c;