geronimo-scm mailing list archives

From xuhaih...@apache.org
Subject svn commit: r945012 - /geronimo/server/trunk/plugins/tomcat/geronimo-tomcat7/src/main/java/org/apache/geronimo/tomcat/GeronimoStandardContext.java
Date Mon, 17 May 2010 08:18:31 GMT
Author: xuhaihong
Date: Mon May 17 08:18:30 2010
New Revision: 945012

URL: http://svn.apache.org/viewvc?rev=945012&view=rev
Log:
Although setHttpOnly is recommended to keep scripts from reading the cookie values, it
would bust DWR. By default, we will turn it off in the GeronimoStandardContext. In Tomcat 7,
it uses the value configured in web.xml and context to determine whether or not this option
is turned on/off, so the users should still have a chance to enable it by configuring the cookie-config
in web.xml.

Modified:
    geronimo/server/trunk/plugins/tomcat/geronimo-tomcat7/src/main/java/org/apache/geronimo/tomcat/GeronimoStandardContext.java

Modified: geronimo/server/trunk/plugins/tomcat/geronimo-tomcat7/src/main/java/org/apache/geronimo/tomcat/GeronimoStandardContext.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/plugins/tomcat/geronimo-tomcat7/src/main/java/org/apache/geronimo/tomcat/GeronimoStandardContext.java?rev=945012&r1=945011&r2=945012&view=diff
==============================================================================
--- geronimo/server/trunk/plugins/tomcat/geronimo-tomcat7/src/main/java/org/apache/geronimo/tomcat/GeronimoStandardContext.java
(original)
+++ geronimo/server/trunk/plugins/tomcat/geronimo-tomcat7/src/main/java/org/apache/geronimo/tomcat/GeronimoStandardContext.java
Mon May 17 08:18:30 2010
@@ -120,6 +120,9 @@ public class GeronimoStandardContext ext
         setXmlNamespaceAware(true);
         // disable Tomcat startup TLD scanning
         setProcessTlds(false);
+        // By default, we configure HttpOnly with false value, as it would cause DWR fail
to work
+        //On the runtime, Tomcat will determine the value based on the configurations in
web.xml and context, so the users still have a chance to open it via web.xml
+        setUseHttpOnly(false);
     }
 
     public void setContextProperties(TomcatContext ctx) throws DeploymentException {
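
Review bot: the hard-coded `setUseHttpOnly(false)` added at the end of the constructor turns HttpOnly off by default for every web application that gets this context, not only the ones that use DWR, which leaves cookie values readable by page scripts unless each deployer opts back in. Consider keeping the protective default and letting the applications that need DWR disable it, or driving the value from a configurable attribute instead of a constant. The comment's statement that Tomcat works out the final value at runtime from web.xml and the context is not demonstrated by anything in this hunk; a test that deploys a web.xml with cookie-config enabling HttpOnly and checks the resulting cookie would back it up. Minor: the second comment line is missing a space after `//`, and both comment lines need a wording pass ("cause DWR fail to work", "On the runtime").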


