From 06d9d3e05fef2c2b33dbcfc9b3fca64d346111d4 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?J=C3=B6rg=20Kubitz?=
Date: Tue, 19 Sep 2023 14:24:47 +0200
Subject: [PATCH] send cookies via secure channel https://github.com/eclipse-platform/eclipse.platform/security/code-scanning/24
---
 ua/org.eclipse.help.webapp/advanced/index.jsp | 1 +
 .../src/org/eclipse/help/internal/webapp/data/UrlUtil.java | 1 +
 .../org/eclipse/help/internal/webapp/servlet/CookieUtil.java | 3 +++
 3 files changed, 5 insertions(+)
diff --git a/ua/org.eclipse.help.webapp/advanced/index.jsp b/ua/org.eclipse.help.webapp/advanced/index.jsp
index cf733aca1d2..06d987f93c2 100644
--- a/ua/org.eclipse.help.webapp/advanced/index.jsp
+++ b/ua/org.eclipse.help.webapp/advanced/index.jsp
@@ -19,6 +19,7 @@
 if(data.getMode() == LayoutData.MODE_INFOCENTER){
 Cookie cookieTest=new Cookie("cookiesEnabled", "yes");
 cookieTest.setMaxAge(365*24*60*60);
+ cookieTest.setSecure(true);
 response.addCookie(cookieTest);
 }
 %>
diff --git a/ua/org.eclipse.help.webapp/src/org/eclipse/help/internal/webapp/data/UrlUtil.java b/ua/org.eclipse.help.webapp/src/org/eclipse/help/internal/webapp/data/UrlUtil.java
index a2aa7635fd5..eed83e98511 100644
--- a/ua/org.eclipse.help.webapp/src/org/eclipse/help/internal/webapp/data/UrlUtil.java
+++ b/ua/org.eclipse.help.webapp/src/org/eclipse/help/internal/webapp/data/UrlUtil.java
@@ -574,6 +574,7 @@ private static String getForcedLocale(HttpServletRequest request,
 // save locale (in session cookie) for later use in a user session
 if (response != null) {
 Cookie cookieTest = new Cookie("lang", forcedLocale); //$NON-NLS-1$
+ cookieTest.setSecure(true);
 response.addCookie(cookieTest);
 }
 } else {
diff --git a/ua/org.eclipse.help.webapp/src/org/eclipse/help/internal/webapp/servlet/CookieUtil.java b/ua/org.eclipse.help.webapp/src/org/eclipse/help/internal/webapp/servlet/CookieUtil.java
index 99717abf13b..a518e8b198a 100644
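Review bot: `cookieTest.setSecure(true)` is unconditional, so wherever the help webapp is served over plain HTTP, current browsers will generally drop or never return the `cookiesEnabled` cookie, and whatever reads it would presumably conclude cookies are disabled. Tying the flag to the transport keeps HTTPS deployments protected without breaking HTTP ones: `cookieTest.setSecure(request.isSecure());`. The same applies to the `setSecure(true)` lines added in UrlUtil.getForcedLocale and in the three CookieUtil methods; in deleteCookieUsingPath a rejected Set-Cookie also means the existing cookie is never expired. Behind a TLS-terminating proxy `isSecure()` only reflects the client connection when forwarded-header handling is configured, so that deserves a line in the deployment notes.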
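Review bot: The `lang` cookie in getForcedLocale now carries Secure but not HttpOnly, so page script can still read it. The existing comment says it is saved for later use in the user session, which suggests it is only read on the server; if no help-UI script reads it and the servlet API in use is 3.0 or later, add `cookieTest.setHttpOnly(true);` next to the new line. The local name `cookieTest` looks carried over from the cookies-enabled probe and would read better as `langCookie`. The body of getForcedLocale starts and ends outside the hunk.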
--- a/ua/org.eclipse.help.webapp/src/org/eclipse/help/internal/webapp/servlet/CookieUtil.java
+++ b/ua/org.eclipse.help.webapp/src/org/eclipse/help/internal/webapp/servlet/CookieUtil.java
@@ -65,6 +65,7 @@ public static void setCookieValue(String name, String value,
 if ( needsCookiePath(request)) {
 cookie.setPath(getCookiePath(request)); // Only set path if necessary
 }
+ cookie.setSecure(true);
 response.addCookie(cookie);
 if (HelpWebappPlugin.DEBUG_WORKINGSETS) {
 System.out
@@ -77,6 +78,7 @@ public static void setCookieValueWithoutPath(String name, String value,
 Cookie cookie = new Cookie(name, value);
 cookie.setMaxAge(COOKIE_LIFE);
+ cookie.setSecure(true);
 response.addCookie(cookie);
 if (HelpWebappPlugin.DEBUG_WORKINGSETS) {
 System.out
@@ -109,6 +111,7 @@ protected static void deleteCookieUsingPath(String name, HttpServletRequest requ
 cookie.setPath(cookiePath);
 }
 cookie.setMaxAge(0);
+ cookie.setSecure(true);
 response.addCookie(cookie);
 }
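Review bot: The same `cookie.setSecure(true);` is pasted before `response.addCookie(cookie)` in setCookieValue, setCookieValueWithoutPath and deleteCookieUsingPath, so the cookie attribute policy now lives in three places in CookieUtil, plus index.jsp and UrlUtil. Nothing stops a later cookie-writing path from omitting the flag, and any follow-up attribute would need the same five edits. A private helper such as `private static void addCookie(HttpServletResponse response, Cookie cookie)`, which sets the transport attributes and then calls `response.addCookie(cookie)`, would keep the decision in one spot. It should carry a short Javadoc stating which attributes every help cookie gets and why. All three method bodies extend beyond their hunks.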