From 7a301f20dba4b22847e7dd915ef343b2d3ea36b0 Mon Sep 17 00:00:00 2001
From: Luanmq
Date: Wed, 19 Jul 2023 16:07:57 -0300
Subject: [PATCH] Adding secure tag to cookie
---
 .../java/teammates/ui/webapi/GetAuthInfoAction.java | 13 +++++++------
 1 file changed, 7 insertions(+), 6 deletions(-)
diff --git a/src/main/java/teammates/ui/webapi/GetAuthInfoAction.java b/src/main/java/teammates/ui/webapi/GetAuthInfoAction.java
index ed2aaa444ea..b21f717d04c 100644
--- a/src/main/java/teammates/ui/webapi/GetAuthInfoAction.java
+++ b/src/main/java/teammates/ui/webapi/GetAuthInfoAction.java
@@ -13,7 +13,8 @@
 /**
 * Action: gets user authentication information.
 *
- *

This does not log in or log out the user. + *

+ * This does not log in or log out the user.
 */
 class GetAuthInfoAction extends Action {
@@ -42,26 +43,26 @@ public JsonResult execute() {
 createLoginUrl(frontendUrl, Const.WebPageURIs.STUDENT_HOME_PAGE),
 createLoginUrl(frontendUrl, Const.WebPageURIs.INSTRUCTOR_HOME_PAGE),
 createLoginUrl(frontendUrl, Const.WebPageURIs.ADMIN_HOME_PAGE),
- createLoginUrl(frontendUrl, Const.WebPageURIs.MAINTAINER_HOME_PAGE)
- );
+ createLoginUrl(frontendUrl, Const.WebPageURIs.MAINTAINER_HOME_PAGE));
 } else {
 output = new AuthInfo(
 createLoginUrl(frontendUrl, nextUrl),
 createLoginUrl(frontendUrl, nextUrl),
 createLoginUrl(frontendUrl, nextUrl),
- createLoginUrl(frontendUrl, nextUrl)
- );
+ createLoginUrl(frontendUrl, nextUrl));
 }
 } else {
 output = new AuthInfo(userInfo, authType == AuthType.MASQUERADE);
 }
 String csrfToken = StringHelper.encrypt(req.getSession().getId());
- String existingCsrfToken = HttpRequestHelper.getCookieValueFromRequest(req, Const.SecurityConfig.CSRF_COOKIE_NAME);
+ String existingCsrfToken = HttpRequestHelper.getCookieValueFromRequest(req,
+ Const.SecurityConfig.CSRF_COOKIE_NAME);
 if (csrfToken.equals(existingCsrfToken)) {
 return new JsonResult(output);
 }
 Cookie csrfTokenCookie = new Cookie(Const.SecurityConfig.CSRF_COOKIE_NAME, csrfToken);
+ csrfTokenCookie.setSecure(true);
 csrfTokenCookie.setPath("/");
 List cookieList = Collections.singletonList(csrfTokenCookie);
 return new JsonResult(output, cookieList);
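Review bot: `csrfTokenCookie.setSecure(true)` is applied unconditionally, so if the application is ever served over plain HTTP (typically a local development server) the browser may refuse to store the cookie, `existingCsrfToken` then never equals `csrfToken`, and a fresh cookie is issued on every call while whatever consumes the token elsewhere (not in this hunk) presumably fails; worth confirming against the project's local setup, and if HTTP development is supported, switching the flag on a configuration value rather than `req.isSecure()`, which is commonly false behind a TLS-terminating proxy. A second, smaller consequence of the early return on `if (csrfToken.equals(existingCsrfToken))` is that a browser still holding a pre-change cookie without the Secure attribute and with the same value is never reissued the Secure variant until the session id changes, so if that transition matters the early return should be dropped for one release. The new line also deserves a why-comment, since HttpOnly is presumably left off deliberately so that the frontend can read the token and echo it in a request header (double-submit pattern) — confirm and record it, e.g. `// Secure only: HttpOnly is intentionally not set, the frontend must read this token to echo it back in the CSRF header`. No SameSite attribute is set on the cookie either; whether one can be added depends on the servlet API version in use, which is not visible here. `execute()` begins outside the hunk.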