This is an automated email from the ASF dual-hosted git repository.
jleroux pushed a commit to branch release24.09
in repository https://gitbox.apache.org/repos/asf/ofbiz-framework.git
The following commit(s) were added to refs/heads/release24.09 by this push:
new 6ef97ef068 Fixed: Support for Add default browser security headers in writeJSONtoResponse (OFBIZ-13284) (#907)
6ef97ef068 is described below
commit 6ef97ef0687d062365073a061418349dd7acd2fd
Author: Sandeep Rajput <[email protected]>
AuthorDate: Wed Aug 13 22:34:46 2025 +0530
Fixed: Support for Add default browser security headers in writeJSONtoResponse (OFBIZ-13284) (#907)
This is to ensure SameSite cookies are sent on response.
Currently, the writeJSONtoResponse method correctly sends the JSON
response, but it does not include the SameSite attribute in the default
security headers. As a result, the SameSite cookie is not returned in
the browser response.
Expected Behavior:
writeJSONtoResponse should set default security headers for the
response.
SameSite attribute should be correctly applied to all cookies sent in
the response.
The browser should receive and respect the SameSite cookie.
Thanks: Sandeep Rajput
---
.../common/src/main/java/org/apache/ofbiz/common/CommonEvents.java | 2 ++
1 file changed, 2 insertions(+)
diff --git
a/framework/common/src/main/java/org/apache/ofbiz/common/CommonEvents.java
b/framework/common/src/main/java/org/apache/ofbiz/common/CommonEvents.java
index 367876d18c..c4aac4b7c4 100644
--- a/framework/common/src/main/java/org/apache/ofbiz/common/CommonEvents.java
+++ b/framework/common/src/main/java/org/apache/ofbiz/common/CommonEvents.java
@@ -253,6 +253,8 @@ public class CommonEvents {
// jsonStr.length is not reliable for unicode characters
response.setContentLength(jsonStr.getBytes("UTF8").length);
+ // Set default security headers
+ UtilHttp.setResponseBrowserDefaultSecurityHeaders(response, null);
// return the JSON String
Writer out;
try {
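Review bot: the added `UtilHttp.setResponseBrowserDefaultSecurityHeaders(response, null);` passes a bare `null` as the second argument with no comment saying what that argument controls, so a reader of this hunk cannot tell whether the default set of headers is applied or some option is being disabled; please either expand the `// Set default security headers` comment to say what `null` selects or use a named constant. The placement is right: the call sits after `response.setContentLength(...)` and before `Writer out;` is obtained, so the headers are set before the response is committed (headers added after the first write would be silently dropped). The commit message motivates the change with SameSite cookies, but nothing in the hunk touches cookies, so the message or the comment should state which headers the helper emits so reviewers can verify that the stated SameSite behaviour actually follows from this two-line change.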