Alon Bar-Lev has uploaded a new change for review.

Change subject: backend: set HttpOnly for all cookies
......................................................................

backend: set HttpOnly for all cookies

Change-Id: I25ae26677c99f94a5e6d7cfe39444811d13ec29c
Signed-off-by: Alon Bar-Lev <alo...@redhat.com>
---
M backend/manager/modules/docs/src/main/webapp/WEB-INF/web.xml
M backend/manager/modules/restapi/webapp/src/main/webapp/WEB-INF/web.xml
M backend/manager/modules/root/src/main/webapp/WEB-INF/web.xml
M backend/manager/modules/services/src/main/webapp/WEB-INF/web.xml
M 
backend/manager/modules/utils/src/main/java/org/ovirt/engine/core/utils/servlet/DocsServlet.java
M 
backend/manager/modules/utils/src/main/java/org/ovirt/engine/core/utils/servlet/LocaleFilter.java
M backend/manager/modules/welcome/src/main/webapp/WEB-INF/web.xml
M frontend/webadmin/modules/userportal-gwtp/src/main/webapp/WEB-INF/web.xml
M frontend/webadmin/modules/webadmin/src/main/webapp/WEB-INF/web.xml
9 files changed, 44 insertions(+), 0 deletions(-)


  git pull ssh://gerrit.ovirt.org:29418/ovirt-engine refs/changes/15/25915/1

diff --git a/backend/manager/modules/docs/src/main/webapp/WEB-INF/web.xml 
b/backend/manager/modules/docs/src/main/webapp/WEB-INF/web.xml
index 2a5baeb..fed55e4 100644
--- a/backend/manager/modules/docs/src/main/webapp/WEB-INF/web.xml
+++ b/backend/manager/modules/docs/src/main/webapp/WEB-INF/web.xml
@@ -127,4 +127,11 @@
       <error-code>404</error-code>
       <location>/404.html</location>
   </error-page>
+
+  <session-config>
+    <cookie-config>
+      <http-only>true</http-only>
+    </cookie-config>
+  </session-config>
+
 </web-app>
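Review bot: The new `<session-config>` block makes the container's session cookie HttpOnly but leaves it without the Secure flag, so it is still transmitted if any request reaches the app over plain HTTP. `<cookie-config>` also accepts `<secure>true</secure>` alongside `<http-only>`, and adding it is most clearly justified where the descriptor already mandates a confidential transport — the userportal-gwtp and webadmin hunks insert this block directly under a `<user-data-constraint>`; the root, services and welcome web.xml hunks share the same gap. `<cookie-config>` is a Servlet 3.0 element, so each of these descriptors presumably needs `version="3.0"` or later in its `<web-app>` header, which is outside every hunk here — worth confirming per file, because an older schema version makes the container silently ignore or reject the element.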
diff --git 
a/backend/manager/modules/restapi/webapp/src/main/webapp/WEB-INF/web.xml 
b/backend/manager/modules/restapi/webapp/src/main/webapp/WEB-INF/web.xml
index 89b79f1..7786f98 100644
--- a/backend/manager/modules/restapi/webapp/src/main/webapp/WEB-INF/web.xml
+++ b/backend/manager/modules/restapi/webapp/src/main/webapp/WEB-INF/web.xml
@@ -34,6 +34,9 @@
   </security-constraint>
 
   <session-config>
+    <cookie-config>
+      <http-only>true</http-only>
+    </cookie-config>
     <session-timeout>180</session-timeout>
   </session-config>
 </web-app>
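Review bot: The new `<cookie-config>` is placed before the existing `<session-timeout>`; as far as I recall the Servlet 3.0 schema defines `session-config` as an ordered sequence with `session-timeout` first, so a container that validates the descriptor may reject this order. Moving the three inserted lines below `<session-timeout>180</session-timeout>` sidesteps the question at no cost. This section has the same missing `<secure>true</secure>` as the other web.xml hunks in the change.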
diff --git a/backend/manager/modules/root/src/main/webapp/WEB-INF/web.xml 
b/backend/manager/modules/root/src/main/webapp/WEB-INF/web.xml
index 57bcb96..db51c78 100644
--- a/backend/manager/modules/root/src/main/webapp/WEB-INF/web.xml
+++ b/backend/manager/modules/root/src/main/webapp/WEB-INF/web.xml
@@ -116,4 +116,11 @@
   <welcome-file-list>
     <welcome-file>index.html</welcome-file>
   </welcome-file-list>
+
+  <session-config>
+    <cookie-config>
+      <http-only>true</http-only>
+    </cookie-config>
+  </session-config>
+
 </web-app>
diff --git a/backend/manager/modules/services/src/main/webapp/WEB-INF/web.xml 
b/backend/manager/modules/services/src/main/webapp/WEB-INF/web.xml
index 8c9f15c..5df7ce9 100644
--- a/backend/manager/modules/services/src/main/webapp/WEB-INF/web.xml
+++ b/backend/manager/modules/services/src/main/webapp/WEB-INF/web.xml
@@ -120,4 +120,10 @@
     <location>/404.html</location>
   </error-page>
 
+  <session-config>
+    <cookie-config>
+      <http-only>true</http-only>
+    </cookie-config>
+  </session-config>
+
 </web-app>
diff --git 
a/backend/manager/modules/utils/src/main/java/org/ovirt/engine/core/utils/servlet/DocsServlet.java
 
b/backend/manager/modules/utils/src/main/java/org/ovirt/engine/core/utils/servlet/DocsServlet.java
index f9f9c04..6174cec 100644
--- 
a/backend/manager/modules/utils/src/main/java/org/ovirt/engine/core/utils/servlet/DocsServlet.java
+++ 
b/backend/manager/modules/utils/src/main/java/org/ovirt/engine/core/utils/servlet/DocsServlet.java
@@ -108,6 +108,7 @@
         Cookie cookie = new Cookie(LANG_PAGE_SHOWN, Boolean.toString(value));
         // Scope this cookie to the (root) application context URL
         cookie.setPath("/" + getServletContext().getContextPath());
+        cookie.setHttpOnly(true);
         // Don't set max age, i.e. let this be a session cookie
         response.addCookie(cookie);
     }
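Review bot: `Cookie.setHttpOnly` only exists from Servlet API 3.0, so the utils module's servlet-api dependency has to be at that level; the web.xml changes suggest the applications target 3.0, but the module's build file is not part of this change — confirm it compiles against the right API. The cookie is still not marked Secure; `cookie.setSecure(request.isSecure());` next to the new line would keep it off cleartext responses if the request object is available in this method. Separately, the context line `cookie.setPath("/" + getServletContext().getContextPath());` produces a doubled slash for any non-root context, since `getContextPath()` already starts with `/` — pre-existing, but cheap to fix while touching this method. The same HttpOnly-without-Secure point applies to the LocaleFilter hunk. The enclosing method starts outside the hunk.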
diff --git 
a/backend/manager/modules/utils/src/main/java/org/ovirt/engine/core/utils/servlet/LocaleFilter.java
 
b/backend/manager/modules/utils/src/main/java/org/ovirt/engine/core/utils/servlet/LocaleFilter.java
index 9fda8a8..319d95c 100644
--- 
a/backend/manager/modules/utils/src/main/java/org/ovirt/engine/core/utils/servlet/LocaleFilter.java
+++ 
b/backend/manager/modules/utils/src/main/java/org/ovirt/engine/core/utils/servlet/LocaleFilter.java
@@ -77,6 +77,7 @@
         Cookie cookie = new Cookie(LocaleFilter.LOCALE, userLocale.toString());
         cookie.setPath(ROOT_PATH);
         cookie.setMaxAge(Integer.MAX_VALUE); // Doesn't expire.
+        cookie.setHttpOnly(true);
         response.addCookie(cookie);
     }
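Review bot: Making the locale cookie HttpOnly hides it from client-side script, so if either GWT frontend reads `locale` through `document.cookie` to choose its locale, this single line changes behaviour — confirm there is no JavaScript consumer before merging. The cookie keeps `Integer.MAX_VALUE` as its max-age with no Secure flag, so a cookie that now persists for years is still sent over plain HTTP; `cookie.setSecure(request.isSecure());` would be consistent with the transport constraints visible in the web.xml hunks, assuming the request is in scope here. The enclosing method starts outside the hunk.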
 
diff --git a/backend/manager/modules/welcome/src/main/webapp/WEB-INF/web.xml 
b/backend/manager/modules/welcome/src/main/webapp/WEB-INF/web.xml
index 3d375dd..9f5980a 100644
--- a/backend/manager/modules/welcome/src/main/webapp/WEB-INF/web.xml
+++ b/backend/manager/modules/welcome/src/main/webapp/WEB-INF/web.xml
@@ -98,4 +98,11 @@
   <welcome-file-list>
     <welcome-file>index.html</welcome-file>
   </welcome-file-list>
+
+  <session-config>
+    <cookie-config>
+      <http-only>true</http-only>
+    </cookie-config>
+  </session-config>
+
 </web-app>
diff --git 
a/frontend/webadmin/modules/userportal-gwtp/src/main/webapp/WEB-INF/web.xml 
b/frontend/webadmin/modules/userportal-gwtp/src/main/webapp/WEB-INF/web.xml
index 8abdb78..7d8c769 100644
--- a/frontend/webadmin/modules/userportal-gwtp/src/main/webapp/WEB-INF/web.xml
+++ b/frontend/webadmin/modules/userportal-gwtp/src/main/webapp/WEB-INF/web.xml
@@ -106,4 +106,10 @@
         </user-data-constraint>
     </security-constraint>
 
+    <session-config>
+        <cookie-config>
+            <http-only>true</http-only>
+        </cookie-config>
+    </session-config>
+
 </web-app>
diff --git a/frontend/webadmin/modules/webadmin/src/main/webapp/WEB-INF/web.xml 
b/frontend/webadmin/modules/webadmin/src/main/webapp/WEB-INF/web.xml
index 90e8b93..8216601 100644
--- a/frontend/webadmin/modules/webadmin/src/main/webapp/WEB-INF/web.xml
+++ b/frontend/webadmin/modules/webadmin/src/main/webapp/WEB-INF/web.xml
@@ -112,4 +112,10 @@
                </user-data-constraint>
        </security-constraint>
 
+    <session-config>
+        <cookie-config>
+            <http-only>true</http-only>
+        </cookie-config>
+    </session-config>
+
 </web-app>


-- 
To view, visit http://gerrit.ovirt.org/25915

Gerrit-MessageType: newchange
Gerrit-Change-Id: I25ae26677c99f94a5e6d7cfe39444811d13ec29c
Gerrit-PatchSet: 1
Gerrit-Project: ovirt-engine
Gerrit-Branch: master
Gerrit-Owner: Alon Bar-Lev <alo...@redhat.com>