Merge pull request #231 from constantine2nd/develop

Add props set_response_header_Set-Cookie
2026-02-06 10:47:23 +00:00 · 2023-11-15 08:00:44 +01:00 · 2023-11-15 08:00:44 +01:00 · 76f26037d0
commit 76f26037d0
parent 1aba406a2a 187f3b4cd1
2 changed files with 14 additions and 1 deletions
--- a/src/main/resources/props/sample.props.template
+++ b/src/main/resources/props/sample.props.template
@ -185,4 +185,6 @@ session_inactivity_timeout_in_minutes = 30


 # Please note that depricated name ot this props is: language_tag
-default_locale = en_GB
+default_locale = en_GB
+
+set_response_header_Set-Cookie = "Path=/; HttpOnly; Secure"
--- a/src/main/scala/bootstrap/liftweb/Boot.scala
+++ b/src/main/scala/bootstrap/liftweb/Boot.scala
@ -247,5 +247,16 @@ class Boot extends MdcLoggable{
      // Do not change default value
    }

+    val setCookieHeader: (String, String) = Props.get("set_response_header_Set-Cookie") match {
+      case Full(value) => ("Set-Cookie", value)
+      case _ => ("Set-Cookie", "Path=/; HttpOnly; Secure")
+    }
+    //for XSS vulnerability, set X-Frame-Options header as DENY
+    LiftRules.supplementalHeaders.default.set(
+      ("X-Frame-Options", "DENY") ::
+        setCookieHeader ::
+        Nil
+    )
+
  }
 }