Merge pull request #231 from constantine2nd/develop
Add props set_response_header_Set-Cookie
simonredfern authored Nov 15, 2023
2 parents 1aba406 + 187f3b4 commit 76f2603
Showing 2 changed files with 14 additions and 1 deletion.
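--- a/src/main/resources/props/sample.props.template
+++ b/src/main/resources/props/sample.props.template
@@ -185,4 +185,6 @@ session_inactivity_timeout_in_minutes = 30
 
 
 # Please note that depricated name ot this props is: language_tag
-default_locale = en_GB
+default_locale = en_GB
+
+set_response_header_Set-Cookie = "Path=/; HttpOnly; Secure"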
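Review bot: The sample value on the added `set_response_header_Set-Cookie` line is wrapped in double quotes, while the fallback in Boot.scala is the unquoted string `Path=/; HttpOnly; Secure`. If props values are read with java.util.Properties semantics, the quotes become part of the value, so a deployment that copies this line would send a different header from the built-in default. Suggest `set_response_header_Set-Cookie = Path=/; HttpOnly; Secure`, preceded by a comment such as `# Value sent in the Set-Cookie response header; the line below shows the default`.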
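--- a/src/main/scala/bootstrap/liftweb/Boot.scala
+++ b/src/main/scala/bootstrap/liftweb/Boot.scala
@@ -247,5 +247,16 @@ class Boot extends MdcLoggable{
 // Do not change default value
 }
 
+val setCookieHeader: (String, String) = Props.get("set_response_header_Set-Cookie") match {
+case Full(value) => ("Set-Cookie", value)
+case _ => ("Set-Cookie", "Path=/; HttpOnly; Secure")
+}
+//for XSS vulnerability, set X-Frame-Options header as DENY
+LiftRules.supplementalHeaders.default.set(
+("X-Frame-Options", "DENY") ::
+setCookieHeader ::
+Nil
+)
+
 }
 }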
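Review bot: The `Set-Cookie` entry passed to `LiftRules.supplementalHeaders.default.set` carries only attributes (`Path=/; HttpOnly; Secure`) and no cookie name, so it does not add those flags to the session cookie issued elsewhere. Under RFC 6265 parsing, a browser reads the leading `Path=/` as the name/value pair, which makes this a separate cookie named `Path`. If the aim is HttpOnly/Secure on the session cookie, that is normally configured where the cookie is created (for a servlet container, the `<cookie-config>` `http-only` and `secure` settings in web.xml), and this header could then be dropped. The comment above the call would be more accurate as `// X-Frame-Options: DENY blocks framing (clickjacking); it does not mitigate XSS`. The enclosing method of `Boot` starts outside the hunk, so any existing session-cookie configuration is not visible here.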
