Merge pull request #2333 from hongwei1/develop

refactor/removed the set_response_header_Set-Cookie props
OpenBankProject · Nov 21, 2023 · 48f2e8c · 48f2e8c
2 parents e224a19 + 6fb415f
commit 48f2e8c
Show file tree

Hide file tree

Showing 2 changed files with 0 additions and 8 deletions.
diff --git a/obp-api/src/main/resources/props/sample.props.template b/obp-api/src/main/resources/props/sample.props.template
@@ -1273,9 +1273,6 @@ expectedOpenFuturesPerService=100
 # Enable /Disable IBAN validation
 validate_iban=false
 
-set_response_header_Set-Cookie = "Path=/; HttpOnly; Secure"
-
-
 # Show all dependent connector methods for each endpoint. The default value is false.
 # If set to true, it may consume a significant amount of heap memory.
 #show_used_connector_methods=false
diff --git a/obp-api/src/main/scala/bootstrap/liftweb/Boot.scala b/obp-api/src/main/scala/bootstrap/liftweb/Boot.scala
@@ -680,14 +680,9 @@ class Boot extends MdcLoggable {
     }
 
 
-    val setCookieHeader: (String, String) = getPropsValue("set_response_header_Set-Cookie") match {
-      case Full(value) => ("Set-Cookie", value)
-      case _ => ("Set-Cookie", "Path=/; HttpOnly; Secure")
-    }
     //for XSS vulnerability, set X-Frame-Options header as DENY
     LiftRules.supplementalHeaders.default.set(
       ("X-Frame-Options", "DENY") ::
-        setCookieHeader ::
         Nil
     )