Re: [undertow-dev] Same-Site Cookie Attribute
This should be a good starting point
Cookie Interface and Impl
https://github.com/undertow-io/undertow/blob/master/core/src/main/java/io...
https://github.com/undertow-io/undertow/blob/master/core/src/main/java/io...
CookieUtil
https://github.com/undertow-io/undertow/blob/master/core/src/main/java/io...
Setting a response cookie
https://github.com/undertow-io/undertow/blob/master/core/src/main/java/io...
This was just a quick glance. I'm not sure exactly where the header is set
but this should be a good start.
Bill
On Thu, Mar 2, 2017 at 2:15 PM, Sven Kubiak <sven(a)kubiak.me> wrote:
I have looked at the current Cookie Implementation in Undetow, and
it
seems like there is no support for the Same-Site Cookie Attribute.
See: https://scotthelme.co.uk/csrf-is-dead/
I’ll be happy to create a pull request, if someone could point me to the
right classes (and test cases) where the response headers for the cookies
are being set.
Best regards,
Sven
_______________________________________________
undertow-dev mailing list
undertow-dev(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/undertow-dev
Attachments:
- attachment.html (text/html — 3.0 KB)