Issue | Fix Version | Assignee | Priority | Status | Resolution | Resolved In Build |
---|---|---|---|---|---|---|
JDK-2219511 | 7u4 | Chris Hegarty | P2 | Closed | Fixed | b07 |

Once CR 7077220 is fixed, the Plugin CookieHandler may be able to retrieve HttpOnly cookies from the browser's cookie store. This CR is concerned with ensuring HttpOnly cookies are not accessible to application code (trusted or untrusted).
HttpOnly cookies should only be accessible to the HTTP client implementation, so that they can be used in HTTP requests, and NOT anywhere else.
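The separation described above, sketched as an added example (this is not the JDK's own fix, and not code from this issue): the raw response headers stay with the HTTP client, and application code only receives a copy with HttpOnly cookie values removed. The class name `HttpOnlyHeaderFilter`, the method names and the sample headers are assumptions constructed for the illustration.

```java
import java.net.HttpCookie;
import java.util.*;

public class HttpOnlyHeaderFilter {
    // Returns an unmodifiable copy of the response headers in which every
    // Set-Cookie / Set-Cookie2 value carrying the HttpOnly attribute is dropped.
    static Map<String, List<String>> forApplication(Map<String, List<String>> raw) {
        Map<String, List<String>> out = new LinkedHashMap<>();
        for (Map.Entry<String, List<String>> e : raw.entrySet()) {
            String name = e.getKey(); // HttpURLConnection maps the status line to a null key
            boolean cookieHeader = name != null
                    && (name.equalsIgnoreCase("Set-Cookie") || name.equalsIgnoreCase("Set-Cookie2"));
            List<String> kept = new ArrayList<>();
            for (String value : e.getValue()) {
                if (!cookieHeader || !hasHttpOnly(name, value)) {
                    kept.add(value);
                }
            }
            // A header whose values were all HttpOnly cookies disappears entirely.
            if (!kept.isEmpty()) {
                out.put(name, Collections.unmodifiableList(kept));
            }
        }
        return Collections.unmodifiableMap(out);
    }

    // True if any cookie in this header value is flagged HttpOnly.
    static boolean hasHttpOnly(String name, String value) {
        try {
            for (HttpCookie c : HttpCookie.parse(name + ": " + value)) {
                if (c.isHttpOnly()) {
                    return true;
                }
            }
            return false;
        } catch (IllegalArgumentException ex) {
            return true; // fail closed: an unparsable cookie header is not exposed
        }
    }

    public static void main(String[] args) {
        // Constructed sample response headers.
        Map<String, List<String>> raw = new LinkedHashMap<>();
        raw.put(null, Arrays.asList("HTTP/1.1 200 OK"));
        raw.put("Content-Type", Arrays.asList("text/html"));
        raw.put("Set-Cookie", Arrays.asList(
                "SESSION=abc123; Path=/; Secure; HttpOnly",
                "theme=dark; Path=/"));
        System.out.println(forApplication(raw));
    }
}
```

Filtering at the header level means a response whose only cookies are HttpOnly shows no Set-Cookie header at all to the caller, which is the visible symptom the linked issues JDK-8014034 and JDK-8036017 report.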
- backported by
  - JDK-2219511 Ensure HttpURLConnection (and supporting APIs) don't expose HttpOnly cookies (Closed)
- duplicates
  - JDK-8014034 Certain Set-Cookie lines in headers appear as null in recent versions of 1.7.0 (Closed)
- relates to
  - JDK-7128648 HttpURLConnection.getHeaderFields should return an unmodifiable Map (Closed)
  - JDK-8036017 Set-Cookie response header is read as empty after setting CookieManager (Closed)
  - JDK-7077220 Plugin CookieHandler ignores HttpOnly cookies (Closed)