[Enhancement] Set cookie path & http_only to make it more safe #51242

Merged (1 commit) on Sep 23, 2024


rohitrs1983 (Contributor) commented Sep 20, 2024

Why I'm doing:

Using the HttpOnly flag when generating a cookie helps mitigate the risk of client side script accessing the protected cookie.

What I'm doing:

Set cookie path & http_only to make it more safe

Fixes #51241

What type of PR is this:

  • BugFix
  • Feature
  • Enhancement
  • Refactor
  • UT
  • Doc
  • Tool

Does this PR entail a change in behavior?

  • Yes, this PR will result in a change in behavior.
  • No, this PR will not result in a change in behavior.

If yes, please specify the type of change:

  • Interface/UI changes: syntax, type conversion, expression evaluation, display information
  • Parameter changes: default values, similar parameters but with different default values
  • Policy changes: use new policy to replace old one, functionality automatically enabled
  • Feature removed
  • Miscellaneous: upgrade & downgrade compatibility, etc.

Checklist:

  • I have added test cases for my bug fix or my new feature
  • This pr needs user documentation (for new or modified features or behaviors)
    • I have added documentation for my new feature or new function
  • This is a backport pr

Bugfix cherry-pick branch check:

  • I have checked the version labels which the pr will be auto-backported to the target branch
    • 3.3
    • 3.2
    • 3.1
    • 3.0
    • 2.5
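
A check a reviewer could run against the web UI's response headers to confirm that the two attributes this PR sets are present. This is an added example, not StarRocks code; the cookie name, sample values and function names are constructed for illustration.

```python
# Constructed sample values (not captured from StarRocks); the cookie name is hypothetical.
BEFORE = "SESSION_ID=3f1c9a; Max-Age=1800"
AFTER = "SESSION_ID=3f1c9a; Max-Age=1800; Path=/; HttpOnly"


def parse_set_cookie(header_value):
    """Split one Set-Cookie value into (name, value, attrs).

    Attribute names are case-insensitive (RFC 6265), so keys are lowercased;
    valueless flags such as HttpOnly map to True.
    """
    parts = [p.strip() for p in header_value.split(";")]
    name, sep, value = parts[0].partition("=")
    if not sep or not name.strip():
        raise ValueError(f"not a name=value pair: {parts[0]!r}")
    attrs = {}
    for part in parts[1:]:
        if not part:
            continue  # tolerate a trailing ';'
        key, sep, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip() if sep else True
    return name.strip(), value.strip(), attrs


def audit_set_cookie(header_value):
    """Return findings for one cookie; an empty list means both attributes are set."""
    name, _, attrs = parse_set_cookie(header_value)
    findings = []
    if "httponly" not in attrs:
        findings.append(f"{name}: HttpOnly missing, readable via document.cookie")
    path = attrs.get("path")
    if not isinstance(path, str) or not path.startswith("/"):
        findings.append(f"{name}: no usable Path, scope falls back to the request path")
    return findings


def audit_response(headers):
    """Audit every Set-Cookie in a list of (header_name, value) pairs."""
    findings = []
    for header_name, value in headers:
        if header_name.lower() == "set-cookie":
            findings.extend(audit_set_cookie(value))
    return findings


if __name__ == "__main__":
    for label, sample in (("before", BEFORE), ("after", AFTER)):
        print(label, audit_set_cookie(sample) or "ok")
```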

@rohitrs1983 rohitrs1983 requested a review from a team as a code owner September 20, 2024 16:52
sonarcloud bot commented Sep 20, 2024

[Java-Extensions Incremental Coverage Report]

pass : 0 / 0 (0%)

[FE Incremental Coverage Report]

pass : 2 / 2 (100.00%)

file detail

| path | covered_line | new_line | coverage | not_covered_line_detail |
| --- | --- | --- | --- | --- |
| 🔵 com/starrocks/http/action/WebBaseAction.java | 2 | 2 | 100.00% | [] |

[BE Incremental Coverage Report]

pass : 0 / 0 (0%)

@alvin-celerdata alvin-celerdata merged commit be34948 into StarRocks:main Sep 23, 2024
50 checks passed
kevincai (Contributor):

@Mergifyio backport branch-3.3

@github-actions github-actions bot added the 3.3 label Sep 23, 2024
mergify bot (Contributor) commented Sep 23, 2024

backport branch-3.3

✅ Backports have been created

mergify bot pushed a commit that referenced this pull request Sep 23, 2024
Why I'm doing:
Using the HttpOnly flag when generating a cookie helps mitigate the risk of client side script accessing the protected cookie.

What I'm doing:
Set cookie path & http_only to make it more safe

Fixes #51241

Signed-off-by: Rohit Satardekar <[email protected]>
(cherry picked from commit be34948)
wanpengfei-git pushed a commit that referenced this pull request Sep 23, 2024
renzhimin7 pushed a commit to renzhimin7/starrocks that referenced this pull request Nov 7, 2024
…ocks#51242)

Why I'm doing:
Using the HttpOnly flag when generating a cookie helps mitigate the risk of client side script accessing the protected cookie.

What I'm doing:
Set cookie path & http_only to make it more safe

Fixes StarRocks#51241

Signed-off-by: Rohit Satardekar <[email protected]>
Signed-off-by: zhiminr.ren <[email protected]>