From ee427a35fd5bfbcfffceffed4a21347d1816f23b Mon Sep 17 00:00:00 2001
From: Hongwei
Date: Tue, 21 Nov 2023 16:21:09 +0100
Subject: [PATCH] refactor/removed the set_response_header_Set-Cookie props
---
 src/main/resources/props/sample.props.template | 2 --
 src/main/scala/bootstrap/liftweb/Boot.scala | 5 -----
 2 files changed, 7 deletions(-)
diff --git a/src/main/resources/props/sample.props.template b/src/main/resources/props/sample.props.template
index 7d9b2ddf..64c027be 100644
--- a/src/main/resources/props/sample.props.template
+++ b/src/main/resources/props/sample.props.template
@@ -186,5 +186,3 @@ session_inactivity_timeout_in_minutes = 30
 # Please note that depricated name ot this props is: language_tag
 default_locale = en_GB
-
-set_response_header_Set-Cookie = "Path=/; HttpOnly; Secure"
\ No newline at end of file
diff --git a/src/main/scala/bootstrap/liftweb/Boot.scala b/src/main/scala/bootstrap/liftweb/Boot.scala
index 6eb439b8..60b95fba 100755
--- a/src/main/scala/bootstrap/liftweb/Boot.scala
+++ b/src/main/scala/bootstrap/liftweb/Boot.scala
@@ -247,14 +247,9 @@ class Boot extends MdcLoggable{
 // Do not change default value
 }
- val setCookieHeader: (String, String) = Props.get("set_response_header_Set-Cookie") match {
- case Full(value) => ("Set-Cookie", value)
- case _ => ("Set-Cookie", "Path=/; HttpOnly; Secure")
- }
 //for XSS vulnerability, set X-Frame-Options header as DENY
 LiftRules.supplementalHeaders.default.set(
 ("X-Frame-Options", "DENY") ::
- setCookieHeader ::
 Nil
 )