users@jsr311.java.net

Re: HTTPOnly cookies

From: Bertold Kolics <Bertold.Kolics_at_Sun.COM>
Date: Thu, 24 Jul 2008 11:27:14 -0500

Marc Hadley wrote:
> On Jul 24, 2008, at 4:36 AM, Stephan Koops wrote:
>
>> I also think we should be careful to add non standard attributes.
>> Perhaps there are a lot of others, but I don't know.
>>
>> Is it right, that you can handle this HTTPOnly also with
>> CacheControl.cacheExtensions?
>>
> There's a not-entirely-pleasant work around:
>
> NewCookie nc = new NewCookie(...);
> Response r = Response.ok().header("Set-Cookie",
> nc.toString()+";HttpOnly").build();
>
> I'm not really keen to bake in support for non-standard attributes.
As long as NewCookie is not a final class, I can always subclass it in
my application.

Speaking of what the standard is - did not you say a few weeks ago that
RFC 2965 is not widely implemented? Does not the header of 2965 say
that it obsoletes 2109? So, here we are talking about adding a
non-standard flag to the implementation of an obsolete standard. ;-)

Bertold
>
> Marc.
>
>>
>> Marc Hadley schrieb:
>>> Are there other extended attributes or is this a special case ?
>>>
>>> Marc.
>>>
>>> On Jul 23, 2008, at 1:13 PM, Rajiv Mordani wrote:
>>>
>>>> We have added support for HTTP-only cookies in servlet 3.0. It is
>>>> the EDR out there but there is no implementation available as yet.
>>>>
>>>> - Rajiv
>>>>
>>>> Bertold Kolics wrote:
>>>>> Hi,
>>>>>
>>>>> Would it be possible to add support for HTTP-only cookies in the
>>>>> Cookie/NewCookie classes (see
>>>>> http://www.owasp.org/index.php/HTTPOnly)? I understand that this
>>>>> extension is non-standard and does not give full protection
>>>>> against XSS - but it should be trivial to implement.
>>>>>
>>>>> Bertold
>>>>>
>>>>>
>>>>> ---------------------------------------------------------------------
>>>>> To unsubscribe, e-mail: users-unsubscribe_at_jsr311.dev.java.net
>>>>> For additional commands, e-mail: users-help_at_jsr311.dev.java.net
>>>>
>>>>
>>>
>>> ---
>>> Marc Hadley <marc.hadley at sun.com>
>>> CTO Office, Sun Microsystems.
>>>
>>>
>>>
>>>
>>
>>
>
> ---
> Marc Hadley <marc.hadley at sun.com>
> CTO Office, Sun Microsystems.
>
>
>
>
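The two approaches discussed in the thread (Marc's `header("Set-Cookie", nc.toString()+";HttpOnly")` workaround and Bertold's "subclass NewCookie" idea), written out as an added example against the JAX-RS 1.x (jsr311-api) API. This is not code from the list thread or from the JAX-RS project; the resource class, the `HttpOnlyNewCookie` subclass and the session-id placeholder are assumptions made for illustration, and the code assumes a JAX-RS implementation such as Jersey is on the classpath, because `NewCookie.toString()` renders through `RuntimeDelegate`:

```java
import javax.ws.rs.POST;
import javax.ws.rs.Path;
import javax.ws.rs.core.NewCookie;
import javax.ws.rs.core.Response;

/**
 * Added example (not from the list thread or the JAX-RS project): emitting
 * a Set-Cookie header carrying the non-standard HttpOnly attribute with the
 * JAX-RS 1.x API, which has no built-in support for it.
 */
@Path("/login")
public class LoginResource {

    /**
     * Hypothetical subclass: renders exactly like NewCookie, then appends
     * the HttpOnly attribute. HttpOnly keeps document.cookie from exposing
     * the value to script; it does not prevent XSS itself.
     */
    public static class HttpOnlyNewCookie extends NewCookie {
        public HttpOnlyNewCookie(String name, String value, String path,
                                 String domain, String comment,
                                 int maxAge, boolean secure) {
            super(name, value, path, domain, comment, maxAge, secure);
        }

        @Override
        public String toString() {
            // Extension attribute goes at the end of the rendered header value.
            return super.toString() + "; HttpOnly";
        }
    }

    // Constructed placeholder; a real application takes this from its
    // session store after authenticating the caller.
    private static final String SESSION_ID_PLACEHOLDER = "constructed-session-id";

    @POST
    public Response login() {
        NewCookie session = new HttpOnlyNewCookie(
                "JSESSIONID", SESSION_ID_PLACEHOLDER,
                "/",   // path
                null,  // domain: default to the request host
                null,  // comment
                NewCookie.DEFAULT_MAX_AGE, // session cookie
                true); // Secure: only sent over HTTPS

        // Use header(), not ResponseBuilder.cookie(): cookie() may serialise
        // the NewCookie through the implementation's HeaderDelegate, which
        // would bypass the overridden toString() and silently drop HttpOnly.
        return Response.ok("logged in")
                       .header("Set-Cookie", session.toString())
                       .build();
    }
}
```

The rendered header is whatever the implementation produces for the base `NewCookie` followed by `; HttpOnly`, so a quick check in an integration test is to assert that the response's `Set-Cookie` value contains both `Secure` and `HttpOnly`; if the subclass is ever passed to `cookie()` instead of `header()`, that check is what catches the dropped attribute.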