[undertow-dev] Same-Site Cookie Attribute

Bill O'Neil bill at dartalley.com
Thu Mar 2 14:26:57 EST 2017


This should be a good starting point

Cookie Interface and Impl
https://github.com/undertow-io/undertow/blob/master/core/src/main/java/io/undertow/server/handlers/Cookie.java
https://github.com/undertow-io/undertow/blob/master/core/src/main/java/io/undertow/server/handlers/CookieImpl.java

CookieUtil
https://github.com/undertow-io/undertow/blob/master/core/src/main/java/io/undertow/util/Cookies.java

Setting a response cookie
https://github.com/undertow-io/undertow/blob/master/core/src/main/java/io/undertow/server/HttpServerExchange.java#L1120

This was just a quick glance. I'm not sure exactly where the header is set
but this should be a good start.

Bill

On Thu, Mar 2, 2017 at 2:15 PM, Sven Kubiak <sven at kubiak.me> wrote:

> I have looked at the current Cookie Implementation in Undertow, and it
> seems like there is no support for the Same-Site Cookie Attribute.
>
> See: https://scotthelme.co.uk/csrf-is-dead/
>
> I’ll be happy to create a pull request, if someone could point me to the
> right classes (and test cases) where the response headers for the cookies
> are being set.
>
> Best regards,
>
> Sven