artin/API-Explorer
1
0
Fork 0
mirror of https://github.com/OpenBankProject/API-Explorer.git synced 2026-02-06 10:47:23 +00:00
Code Issues Packages Projects Releases Wiki Activity

refactor/removed the set_response_header_Set-Cookie props

Browse Source
This commit is contained in:
Hongwei 2023-11-21 16:21:09 +01:00
parent eb0a6255ce
commit ee427a35fd
2 changed files with 0 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
src/main/resources/props/sample.props.template
View File

@ -186,5 +186,3 @@ session_inactivity_timeout_in_minutes = 30
# Please note that depricated name ot this props is: language_tag
default_locale = en_GB
set_response_header_Set-Cookie = "Path=/; HttpOnly; Secure"

5
src/main/scala/bootstrap/liftweb/Boot.scala
View File

@ -247,14 +247,9 @@ class Boot extends MdcLoggable{
// Do not change default value
}
val setCookieHeader: (String, String) = Props.get("set_response_header_Set-Cookie") match {
case Full(value) => ("Set-Cookie", value)
case _ => ("Set-Cookie", "Path=/; HttpOnly; Secure")
}
//for XSS vulnerability, set X-Frame-Options header as DENY
LiftRules.supplementalHeaders.default.set(
("X-Frame-Options", "DENY") ::
setCookieHeader ::
Nil
)