Return-Path: X-Original-To: apmail-ofbiz-commits-archive@www.apache.org Delivered-To: apmail-ofbiz-commits-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id BEB6D1826C for ; Sun, 13 Dec 2015 05:47:37 +0000 (UTC) Received: (qmail 47470 invoked by uid 500); 13 Dec 2015 05:47:37 -0000 Delivered-To: apmail-ofbiz-commits-archive@ofbiz.apache.org Received: (qmail 47433 invoked by uid 500); 13 Dec 2015 05:47:37 -0000 Mailing-List: contact commits-help@ofbiz.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@ofbiz.apache.org Delivered-To: mailing list commits@ofbiz.apache.org Received: (qmail 47424 invoked by uid 99); 13 Dec 2015 05:47:37 -0000 Received: from Unknown (HELO spamd4-us-west.apache.org) (209.188.14.142) by apache.org (qpsmtpd/0.29) with ESMTP; Sun, 13 Dec 2015 05:47:37 +0000 Received: from localhost (localhost [127.0.0.1]) by spamd4-us-west.apache.org (ASF Mail Server at spamd4-us-west.apache.org) with ESMTP id D6E45C0052 for ; Sun, 13 Dec 2015 05:47:36 +0000 (UTC) X-Virus-Scanned: Debian amavisd-new at spamd4-us-west.apache.org X-Spam-Flag: NO X-Spam-Score: 1.246 X-Spam-Level: * X-Spam-Status: No, score=1.246 tagged_above=-999 required=6.31 tests=[KAM_ASCII_DIVIDERS=0.8, KAM_LAZY_DOMAIN_SECURITY=1, RP_MATCHES_RCVD=-0.554] autolearn=disabled Received: from mx1-us-west.apache.org ([10.40.0.8]) by localhost (spamd4-us-west.apache.org [10.40.0.11]) (amavisd-new, port 10024) with ESMTP id 2q-l9VmH8Mrx for ; Sun, 13 Dec 2015 05:47:34 +0000 (UTC) Received: from mailrelay1-us-west.apache.org (mailrelay1-us-west.apache.org [209.188.14.139]) by mx1-us-west.apache.org (ASF Mail Server at mx1-us-west.apache.org) with ESMTP id 87C95265DB for ; Sun, 13 Dec 2015 05:47:34 +0000 (UTC) Received: from svn01-us-west.apache.org (svn.apache.org [10.41.0.6]) by mailrelay1-us-west.apache.org (ASF Mail Server at mailrelay1-us-west.apache.org) with 
ESMTP id 1ABA1E0177 for ; Sun, 13 Dec 2015 05:47:34 +0000 (UTC) Received: from svn01-us-west.apache.org (localhost [127.0.0.1]) by svn01-us-west.apache.org (ASF Mail Server at svn01-us-west.apache.org) with ESMTP id B5E3F3A02EE for ; Sun, 13 Dec 2015 05:47:33 +0000 (UTC) Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Subject: svn commit: r1719764 - in /ofbiz/trunk: applications/marketing/src/org/ofbiz/marketing/tracking/ applications/order/src/org/ofbiz/order/shoppinglist/ applications/securityext/src/org/ofbiz/securityext/login/ framework/webapp/src/org/ofbiz/webapp/contro... Date: Sun, 13 Dec 2015 05:47:33 -0000 To: commits@ofbiz.apache.org 
From: jleroux@apache.org
X-Mailer: svnmailer-1.0.9
Message-Id: <20151213054733.B5E3F3A02EE@svn01-us-west.apache.org>
Author: jleroux
Date: Sun Dec 13 05:47:33 2015
New Revision: 1719764
URL: http://svn.apache.org/viewvc?rev=1719764&view=rev
Log:
Reverts r1719762 because of OFBIZ-6655
Modified:
ofbiz/trunk/applications/marketing/src/org/ofbiz/marketing/tracking/TrackingCodeEvents.java
ofbiz/trunk/applications/order/src/org/ofbiz/order/shoppinglist/ShoppingListEvents.java
ofbiz/trunk/applications/securityext/src/org/ofbiz/securityext/login/LoginEvents.java
ofbiz/trunk/framework/webapp/src/org/ofbiz/webapp/control/LoginWorker.java
ofbiz/trunk/framework/webapp/src/org/ofbiz/webapp/control/RequestHandler.java
ofbiz/trunk/framework/webapp/src/org/ofbiz/webapp/stats/VisitHandler.java
Modified: ofbiz/trunk/applications/marketing/src/org/ofbiz/marketing/tracking/TrackingCodeEvents.java
URL: http://svn.apache.org/viewvc/ofbiz/trunk/applications/marketing/src/org/ofbiz/marketing/tracking/TrackingCodeEvents.java?rev=1719764&r1=1719763&r2=1719764&view=diff
==============================================================================
--- ofbiz/trunk/applications/marketing/src/org/ofbiz/marketing/tracking/TrackingCodeEvents.java (original)
+++ ofbiz/trunk/applications/marketing/src/org/ofbiz/marketing/tracking/TrackingCodeEvents.java Sun Dec 13 05:47:33 2015
@@ -31,14 +31,14 @@
 import org.ofbiz.base.util.Debug;
 import org.ofbiz.base.util.UtilDateTime;
 import org.ofbiz.base.util.UtilMisc;
 import org.ofbiz.base.util.UtilValidate;
+import org.ofbiz.webapp.stats.VisitHandler;
+import org.ofbiz.webapp.website.WebSiteWorker;
 import org.ofbiz.entity.Delegator;
 import org.ofbiz.entity.GenericEntityException;
 import org.ofbiz.entity.GenericValue;
 import org.ofbiz.entity.util.EntityQuery;
 import org.ofbiz.entity.util.EntityUtilProperties;
 import org.ofbiz.product.category.CategoryWorker;
-import org.ofbiz.webapp.stats.VisitHandler;
-import org.ofbiz.webapp.website.WebSiteWorker;
 /**
 * Events used for maintaining TrackingCode related information
@@ -228,8 +228,6 @@ public class TrackingCodeEvents {
 if (trackableLifetime.longValue() > 0) trackableCookie.setMaxAge(trackableLifetime.intValue());
 trackableCookie.setPath("/");
 if (cookieDomain.length() > 0) trackableCookie.setDomain(cookieDomain);
- trackableCookie.setSecure(true);
- trackableCookie.setHttpOnly(true);
 response.addCookie(trackableCookie);
 }
 
@@ -240,8 +238,6 @@ public class TrackingCodeEvents {
 if (billableLifetime.longValue() > 0) billableCookie.setMaxAge(billableLifetime.intValue());
 billableCookie.setPath("/");
 if (cookieDomain.length() > 0) billableCookie.setDomain(cookieDomain);
- billableCookie.setSecure(true);
- billableCookie.setHttpOnly(true);
 response.addCookie(billableCookie);
 }
 
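Review bot: After this revert the cookies written in the @@ -228 and @@ -240 hunks go out with neither the Secure nor the HttpOnly attribute, and the same applies to the @@ -268 hunk of this file, ShoppingListEvents @@ -669 and @@ -694, LoginEvents @@ -430, LoginWorker @@ -763 and @@ -835, and VisitHandler @@ -271; for the autologin cookie in LoginWorker, whose value is the userLoginId that autoLoginCheck appears to trust, that means it is readable from script and is also sent over plain HTTP. The log only cites OFBIZ-6655, so presumably the regression was the unconditional `setSecure(true)` breaking non-TLS deployments; HttpOnly has no dependency on the transport and could have stayed, and Secure can follow the request scheme wherever the request is in scope, e.g. `autoLoginCookie.setHttpOnly(true);` followed by `autoLoginCookie.setSecure(request.isSecure());`. If the flags are to stay off for now, a short comment at each addCookie call pointing at OFBIZ-6655 would keep the next reader from re-adding them blindly. The methods these hunks belong to start outside the hunks.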
@@ -268,17 +264,13 @@ public class TrackingCodeEvents {
 siteIdCookie.setMaxAge(siteIdCookieAge);
 siteIdCookie.setPath("/");
 if (cookieDomain.length() > 0) siteIdCookie.setDomain(cookieDomain);
- siteIdCookie.setSecure(true);
- siteIdCookie.setHttpOnly(true);
- response.addCookie(siteIdCookie);
+ response.addCookie(siteIdCookie);
 // if trackingCode.siteId is not null write a trackable cookie with name in the form: Ofbiz.TKCSiteId and timeout will be 60 * 60 * 24 * 365
 Cookie updatedTimeStampCookie = new Cookie("Ofbiz.TKCD.UpdatedTimeStamp" ,UtilDateTime.nowTimestamp().toString());
 updatedTimeStampCookie.setMaxAge(siteIdCookieAge);
 updatedTimeStampCookie.setPath("/");
 if (cookieDomain.length() > 0) updatedTimeStampCookie.setDomain(cookieDomain);
- updatedTimeStampCookie.setSecure(true);
- updatedTimeStampCookie.setHttpOnly(true);
- response.addCookie(updatedTimeStampCookie);
+ response.addCookie(updatedTimeStampCookie);
 }
 }
Modified: ofbiz/trunk/applications/order/src/org/ofbiz/order/shoppinglist/ShoppingListEvents.java
URL: http://svn.apache.org/viewvc/ofbiz/trunk/applications/order/src/org/ofbiz/order/shoppinglist/ShoppingListEvents.java?rev=1719764&r1=1719763&r2=1719764&view=diff
==============================================================================
--- ofbiz/trunk/applications/order/src/org/ofbiz/order/shoppinglist/ShoppingListEvents.java (original)
+++ ofbiz/trunk/applications/order/src/org/ofbiz/order/shoppinglist/ShoppingListEvents.java Sun Dec 13 05:47:33 2015
@@ -669,8 +669,6 @@ public class ShoppingListEvents {
 Cookie guestShoppingListCookie = new Cookie(guestShoppingUserName, autoSaveListId);
 guestShoppingListCookie.setMaxAge(cookieAge);
 guestShoppingListCookie.setPath("/");
- guestShoppingListCookie.setSecure(true);
- guestShoppingListCookie.setHttpOnly(true);
 response.addCookie(guestShoppingListCookie);
 }
 }
@@ -694,8 +692,6 @@ public class ShoppingListEvents {
 Cookie guestShoppingListCookie = new Cookie(guestShoppingUserName, null);
 guestShoppingListCookie.setMaxAge(0);
 guestShoppingListCookie.setPath("/");
- guestShoppingListCookie.setSecure(true);
- guestShoppingListCookie.setHttpOnly(true);
 response.addCookie(guestShoppingListCookie);
 return "success";
 }
Modified: ofbiz/trunk/applications/securityext/src/org/ofbiz/securityext/login/LoginEvents.java
URL: http://svn.apache.org/viewvc/ofbiz/trunk/applications/securityext/src/org/ofbiz/securityext/login/LoginEvents.java?rev=1719764&r1=1719763&r2=1719764&view=diff
==============================================================================
--- ofbiz/trunk/applications/securityext/src/org/ofbiz/securityext/login/LoginEvents.java (original)
+++ ofbiz/trunk/applications/securityext/src/org/ofbiz/securityext/login/LoginEvents.java Sun Dec 13 05:47:33 2015
@@ -430,8 +430,6 @@ public class LoginEvents {
 cookie.setMaxAge(60 * 60 * 24 * 365);
 cookie.setPath("/");
 cookie.setDomain(domain);
- cookie.setSecure(true);
- cookie.setHttpOnly(true);
 response.addCookie(cookie);
 }
 }
Modified: ofbiz/trunk/framework/webapp/src/org/ofbiz/webapp/control/LoginWorker.java
URL: http://svn.apache.org/viewvc/ofbiz/trunk/framework/webapp/src/org/ofbiz/webapp/control/LoginWorker.java?rev=1719764&r1=1719763&r2=1719764&view=diff
==============================================================================
--- ofbiz/trunk/framework/webapp/src/org/ofbiz/webapp/control/LoginWorker.java (original)
+++ ofbiz/trunk/framework/webapp/src/org/ofbiz/webapp/control/LoginWorker.java Sun Dec 13 05:47:33 2015
@@ -763,8 +763,6 @@ public class LoginWorker {
 autoLoginCookie.setMaxAge(60 * 60 * 24 * 365);
 autoLoginCookie.setDomain(domain);
 autoLoginCookie.setPath("/");
- autoLoginCookie.setSecure(true);
- autoLoginCookie.setHttpOnly(true);
 response.addCookie(autoLoginCookie);
 return autoLoginCheck(delegator, session, userLogin.getString("userLoginId"));
 } else {
@@ -835,8 +833,6 @@ public class LoginWorker {
 Cookie autoLoginCookie = new Cookie(getAutoLoginCookieName(request), userLogin.getString("userLoginId"));
 autoLoginCookie.setMaxAge(0);
 autoLoginCookie.setPath("/");
- autoLoginCookie.setSecure(true);
- autoLoginCookie.setHttpOnly(true);
 response.addCookie(autoLoginCookie);
 }
 // remove the session attributes
Modified: ofbiz/trunk/framework/webapp/src/org/ofbiz/webapp/control/RequestHandler.java
URL: http://svn.apache.org/viewvc/ofbiz/trunk/framework/webapp/src/org/ofbiz/webapp/control/RequestHandler.java?rev=1719764&r1=1719763&r2=1719764&view=diff
==============================================================================
--- ofbiz/trunk/framework/webapp/src/org/ofbiz/webapp/control/RequestHandler.java (original)
+++ ofbiz/trunk/framework/webapp/src/org/ofbiz/webapp/control/RequestHandler.java Sun Dec 13 05:47:33 2015
@@ -1000,25 +1000,14 @@ public class RequestHandler {
 resp.addHeader("strict-transport-security", strictTransportSecurity);
 }
 } else {
- if (EntityUtilProperties.getPropertyAsBoolean("requestHandler", "strict-transport-security", true)) {
+ if (EntityUtilProperties.getPropertyAsBoolean("requestHandler", "strict-transport-security", true)) { // FIXME later pass req.getAttribute("delegator") as last argument
 resp.addHeader("strict-transport-security", "max-age=31536000; includeSubDomains");
 }
 }
 //The only x-vontent-type-options defined value, "nosniff", prevents Internet Explorer from MIME-sniffing a response away from the declared content-type.
 // This also applies to Google Chrome, when downloading extensions.
- resp.addHeader("x-content-type-options", "nosniff");
-
- String setCookie = resp.getHeader("set-cookie");
- if (UtilValidate.isNotEmpty(setCookie)) {
- setCookie = setCookie.toLowerCase();
- if (!setCookie.contains("secure")) {
- resp.setHeader("set-cookie", setCookie + "; secure;"); // Adds a ";" trail to be sure to separate things
- }
- if (!setCookie.contains("httponly")) {
- resp.setHeader("set-cookie", setCookie + "; httponly;"); // Adds a ";" trail to be sure to separate things
- }
- }
+ resp.addHeader("x-content-type-options", "nosniff");
 try {
 if (Debug.verboseOn()) Debug.logVerbose("Rendering view [" + nextPage + "] of type [" + viewMap.type + "]", module);
Modified: ofbiz/trunk/framework/webapp/src/org/ofbiz/webapp/stats/VisitHandler.java
URL: http://svn.apache.org/viewvc/ofbiz/trunk/framework/webapp/src/org/ofbiz/webapp/stats/VisitHandler.java?rev=1719764&r1=1719763&r2=1719764&view=diff
==============================================================================
--- ofbiz/trunk/framework/webapp/src/org/ofbiz/webapp/stats/VisitHandler.java (original)
+++ ofbiz/trunk/framework/webapp/src/org/ofbiz/webapp/stats/VisitHandler.java Sun Dec 13 05:47:33 2015
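Review bot: The added `if (EntityUtilProperties.getPropertyAsBoolean("requestHandler", "strict-transport-security", true)) {` line defaults HSTS to on and, as its own trailing FIXME admits, reads the property without a delegator, so any entity- or tenant-level override of `strict-transport-security` is presumably ignored until that argument is passed. The value it then emits, `max-age=31536000; includeSubDomains`, commits every subdomain of the site to HTTPS for a year and cannot be undone quickly once browsers have cached it, so the default-on behaviour deserves a comment saying exactly that next to the property lookup. Stylistically the FIXME should sit on its own line above the condition rather than trailing an already long `if`, e.g. `// FIXME: pass req.getAttribute("delegator") as the last argument so entity/tenant property overrides are honoured`. The enclosing method starts and ends outside the hunk.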
@@ -271,8 +271,6 @@ public class VisitHandler {
 Cookie visitorCookie = new Cookie(visitorCookieName, visitor.getString("visitorId"));
 visitorCookie.setMaxAge(60 * 60 * 24 * 365);
 visitorCookie.setPath("/");
- visitorCookie.setSecure(true);
- visitorCookie.setHttpOnly(true);
 response.addCookie(visitorCookie);
 }
 }