
Set HttpOnly for all cookies in spark-java

I developed a web UI to configure a device. To secure this UI, which achieves OWASP top 10, and fix the bugs that were reported by the Acunetix application, some improvements must be made to it. One of them is setting HTTP-ONLY for cookies.
How can I change/set the default cookie attributes in java-spark?

Please try this:

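// Set the HttpOnly property for all cookies.
// Assumption: cookies is the name-to-value map of the current request's cookies.
Map<String, String> cookies = request.cookies();
for (String key : cookies.keySet()) {
    if (key != null) {
        response.removeCookie(key);
        // Arguments: path "/", name, value, max age 200 s, secured = false, httpOnly = true
        response.cookie("/", key, cookies.get(key), 200, false, true);
    }
}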

Note that it is not possible to change the settings of Jetty through Spark. Adding such a feature to Spark can considerably facilitate the process of changing cookie-related settings.
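
A different way to reach the same goal, as an added example that is not part of the original answer: an `after` filter that appends HttpOnly to every Set-Cookie header already on the response when the filter runs. It assumes Spark 2.x on the javax.servlet API; the class name, the `/login` route and the `prefs` cookie are constructed for illustration.

```java
import static spark.Spark.after;
import static spark.Spark.get;

import java.util.ArrayList;
import java.util.List;
import javax.servlet.http.HttpServletResponse;

public class HttpOnlyCookies {

    // Append HttpOnly to one Set-Cookie header value unless it is already present.
    static String withHttpOnly(String setCookie) {
        for (String attr : setCookie.split(";")) {
            if (attr.trim().equalsIgnoreCase("HttpOnly")) {
                return setCookie;
            }
        }
        return setCookie + "; HttpOnly";
    }

    public static void main(String[] args) {
        // Constructed sample route that sets a cookie without the flag.
        get("/login", (req, res) -> {
            res.cookie("prefs", "dark");
            return "ok";
        });

        // Runs after every matched route, before the body is written.
        after((req, res) -> {
            HttpServletResponse raw = res.raw();
            // Copy first: the header is replaced while we iterate.
            List<String> values = new ArrayList<>(raw.getHeaders("Set-Cookie"));
            boolean first = true;
            for (String value : values) {
                String hardened = withHttpOnly(value);
                if (first) {
                    // setHeader overwrites the values set so far for this name.
                    raw.setHeader("Set-Cookie", hardened);
                    first = false;
                } else {
                    raw.addHeader("Set-Cookie", hardened);
                }
            }
        });
    }
}
```

To confirm the result, request `/login` and check that each `Set-Cookie` response header ends with `HttpOnly`.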
