
Set HttpOnly for all cookies in spark-java

I developed a web UI to configure a device. To secure this UI so that it achieves the OWASP Top 10, and to fix a bug that was reported by the Acunetix application, some improvements must be made to it. One of them is setting HTTP-ONLY for cookies.
How can I change/set the default cookie attributes in java-spark?

M-Razavi asked Nov 26 '25 17:11


1 Answer

Please try this:

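// Set the HttpOnly flag on all cookies.
// Assumption: `cookies` is the map returned by request.cookies() for the current request.
Map<String, String> cookies = request.cookies();
for (String key : cookies.keySet()) {
    if (key != null) {
        response.removeCookie(key);
        // Arguments: path, name, value, maxAge (seconds), secured, httpOnly
        response.cookie("/", key, cookies.get(key), 200, false, true);
    }
}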

Note that it is not possible to change the settings of Jetty through Spark. Adding such a feature to Spark can considerably facilitate the process of changing cookie-related settings.

Mohammad Hadi answered Nov 28 '25 06:11
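An added example, not part of the original answer: a Spark `after` filter that appends `HttpOnly` to every `Set-Cookie` header the application emits, rather than re-sending the cookies that arrived with the request. It assumes Spark 2.x on the `javax.servlet` API; the class name, the `/login` route and the cookie value are constructed for illustration.

```java
import static spark.Spark.after;
import static spark.Spark.get;

import java.util.ArrayList;
import java.util.List;
import javax.servlet.http.HttpServletResponse;

public class HttpOnlyCookieFilter {

    // Return the Set-Cookie value with "HttpOnly" appended unless it is already present.
    static String withHttpOnly(String setCookie) {
        for (String attribute : setCookie.split(";")) {
            if (attribute.trim().equalsIgnoreCase("HttpOnly")) {
                return setCookie;
            }
        }
        return setCookie + "; HttpOnly";
    }

    public static void main(String[] args) {
        // Constructed route: sets a cookie without the HttpOnly flag.
        get("/login", (request, response) -> {
            response.cookie("session", "constructed-value");
            return "ok";
        });

        // The after filter runs once the route has set its cookies; the headers
        // can still be changed as long as the response is not yet committed.
        after((request, response) -> {
            HttpServletResponse raw = response.raw();
            // Copy first: the header collection must not be iterated while it is rewritten.
            List<String> setCookies = new ArrayList<>(raw.getHeaders("Set-Cookie"));
            for (int i = 0; i < setCookies.size(); i++) {
                String hardened = withHttpOnly(setCookies.get(i));
                if (i == 0) {
                    raw.setHeader("Set-Cookie", hardened); // replaces all existing values
                } else {
                    raw.addHeader("Set-Cookie", hardened); // re-adds the remaining cookies
                }
            }
        });
    }
}
```

Any cookie that client-side JavaScript needs to read will stop being readable once this filter is active, so check the UI for such cookies before enabling it globally.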


