Skip to content

Commit

Permalink
refactor/removed the set_response_header_Set-Cookie props
Browse files Browse the repository at this point in the history
  • Loading branch information
tawoe authored and hongwei1 committed Nov 21, 2023
1 parent e224a19 commit 6fb415f
Show file tree
Hide file tree
Showing 2 changed files with 0 additions and 8 deletions.
3 changes: 0 additions & 3 deletions obp-api/src/main/resources/props/sample.props.template
Original file line number Diff line number Diff line change
Expand Up @@ -1273,9 +1273,6 @@ expectedOpenFuturesPerService=100
# Enable /Disable IBAN validation
validate_iban=false

set_response_header_Set-Cookie = "Path=/; HttpOnly; Secure"


# Show all dependent connector methods for each endpoint. The default value is false.
# If set to true, it may consume a significant amount of heap memory.
#show_used_connector_methods=false
5 changes: 0 additions & 5 deletions obp-api/src/main/scala/bootstrap/liftweb/Boot.scala
Original file line number Diff line number Diff line change
Expand Up @@ -680,14 +680,9 @@ class Boot extends MdcLoggable {
}


val setCookieHeader: (String, String) = getPropsValue("set_response_header_Set-Cookie") match {
case Full(value) => ("Set-Cookie", value)
case _ => ("Set-Cookie", "Path=/; HttpOnly; Secure")
}
//for XSS vulnerability, set X-Frame-Options header as DENY
LiftRules.supplementalHeaders.default.set(
("X-Frame-Options", "DENY") ::
setCookieHeader ::
Nil
)

Expand Down

0 comments on commit 6fb415f

Please sign in to comment.