/**
 * Controls whether the session cookie is issued with the {@code HttpOnly} attribute.
 *
 * <p>Browsers that honour the attribute keep the cookie out of reach of page scripts, which
 * limits session-identifier theft through the most common XSS attacks. It is one line of
 * defence only: the attribute does not stop script injection itself, and it does not
 * protect the cookie in transit, so it is normally combined with
 * {@code setCookieSecureFlag(true)}.
 *
 * <p>The call is forwarded unchanged to the wrapped delegate handler.
 *
 * @param httpOnly {@code true} to set the HttpOnly flag on the session cookie
 * @return this handler, so that configuration calls can be chained fluently
 */
public io.vertx.rxjava.ext.web.handler.SessionHandler setCookieHttpOnlyFlag(boolean httpOnly) {
  // Pure pass-through: the wrapper holds no cookie state of its own.
  this.delegate.setCookieHttpOnlyFlag(httpOnly);
  return this;
}
/**
 * Controls whether the session cookie is issued with the {@code HttpOnly} attribute.
 *
 * <p>Browsers that honour the attribute keep the cookie out of reach of page scripts, which
 * limits session-identifier theft through the most common XSS attacks. It is one line of
 * defence only: the attribute does not stop script injection itself, and it does not
 * protect the cookie in transit, so it is normally combined with
 * {@code setCookieSecureFlag(true)}.
 *
 * <p>The call is forwarded unchanged to the wrapped delegate handler.
 *
 * @param httpOnly {@code true} to set the HttpOnly flag on the session cookie
 * @return this handler, so that configuration calls can be chained fluently
 */
public io.vertx.rxjava.ext.web.handler.SessionHandler setCookieHttpOnlyFlag(boolean httpOnly) {
  // Pure pass-through: the wrapper holds no cookie state of its own.
  this.delegate.setCookieHttpOnlyFlag(httpOnly);
  return this;
}
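/**
 * Verifies that a session handler configured with both the Secure and the HttpOnly flag
 * emits a {@code Set-Cookie} header carrying both attributes.
 *
 * @throws Exception if the test request fails
 */
@Test
public void testSessionCookieSecureFlagAndHttpOnlyFlags() throws Exception {
  router.route().handler(CookieHandler.create());
  router.route().handler(
      SessionHandler.create(store).setCookieSecureFlag(true).setCookieHttpOnlyFlag(true));
  router.route().handler(rc -> rc.response().end());
  testRequest(HttpMethod.GET, "/", null, resp -> {
    String setCookie = resp.headers().get("set-cookie");
    // A missing header must fail as an assertion, not as a NullPointerException below.
    assertTrue(setCookie != null);
    // Cookie attribute names are case-insensitive (RFC 6265), so match on a lower-cased
    // copy instead of pinning the exact casing the encoder happens to produce.
    String attributes = setCookie.toLowerCase(java.util.Locale.ROOT);
    assertTrue(attributes.contains("; secure"));
    assertTrue(attributes.contains("; httponly"));
  }, 200, "OK", null);
}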
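/**
 * Verifies that a session handler configured with the HttpOnly flag emits a
 * {@code Set-Cookie} header carrying the HttpOnly attribute.
 *
 * @throws Exception if the test request fails
 */
@Test
public void testSessionCookieHttpOnlyFlag() throws Exception {
  router.route().handler(CookieHandler.create());
  router.route().handler(SessionHandler.create(store).setCookieHttpOnlyFlag(true));
  router.route().handler(rc -> rc.response().end());
  testRequest(HttpMethod.GET, "/", null, resp -> {
    String setCookie = resp.headers().get("set-cookie");
    // A missing header must fail as an assertion, not as a NullPointerException below.
    assertTrue(setCookie != null);
    // Cookie attribute names are case-insensitive (RFC 6265), so match on a lower-cased
    // copy instead of pinning the exact casing the encoder happens to produce.
    String attributes = setCookie.toLowerCase(java.util.Locale.ROOT);
    assertTrue(attributes.contains("; httponly"));
  }, 200, "OK", null);
}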
/**
 * Registers cookie and session handling on every route of the given router.
 *
 * <p>The session store is clustered or local depending on the {@code clustered} field. The
 * session cookie is issued with both the HttpOnly and the Secure flag. With the Secure flag
 * set, browsers return the cookie only over HTTPS, so a deployment served over plain HTTP
 * will not keep its session.
 *
 * @param vertx  the Vert.x instance the session store is created on
 * @param router the router that receives the cookie and session handlers
 */
private void addSessionHandler(Vertx vertx, Router router) {
  final SessionStore sessionStore;
  if (clustered) {
    sessionStore = ClusteredSessionStore.create(vertx);
  } else {
    sessionStore = LocalSessionStore.create(vertx);
  }

  // The cookie handler is registered ahead of the session handler, as in the original order.
  router.route().handler(CookieHandler.create());
  router.route().handler(
      SessionHandler.create(sessionStore)
          .setCookieHttpOnlyFlag(true)
          .setCookieSecureFlag(true));
}
}
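/**
 * Verifies that a session handler configured with both the Secure and the HttpOnly flag
 * emits a {@code Set-Cookie} header carrying both attributes.
 *
 * @throws Exception if the test request fails
 */
@Test
public void testSessionCookieSecureFlagAndHttpOnlyFlags() throws Exception {
  router.route().handler(CookieHandler.create());
  router.route().handler(
      SessionHandler.create(store).setCookieSecureFlag(true).setCookieHttpOnlyFlag(true));
  router.route().handler(rc -> rc.response().end());
  testRequest(HttpMethod.GET, "/", null, resp -> {
    String setCookie = resp.headers().get("set-cookie");
    // A missing header must fail as an assertion, not as a NullPointerException below.
    assertTrue(setCookie != null);
    // Cookie attribute names are case-insensitive (RFC 6265), so match on a lower-cased
    // copy instead of pinning the exact casing the encoder happens to produce.
    String attributes = setCookie.toLowerCase(java.util.Locale.ROOT);
    assertTrue(attributes.contains("; secure"));
    assertTrue(attributes.contains("; httponly"));
  }, 200, "OK", null);
}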
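/**
 * Verifies that a session handler configured with the HttpOnly flag emits a
 * {@code Set-Cookie} header carrying the HttpOnly attribute.
 *
 * @throws Exception if the test request fails
 */
@Test
public void testSessionCookieHttpOnlyFlag() throws Exception {
  router.route().handler(CookieHandler.create());
  router.route().handler(SessionHandler.create(store).setCookieHttpOnlyFlag(true));
  router.route().handler(rc -> rc.response().end());
  testRequest(HttpMethod.GET, "/", null, resp -> {
    String setCookie = resp.headers().get("set-cookie");
    // A missing header must fail as an assertion, not as a NullPointerException below.
    assertTrue(setCookie != null);
    // Cookie attribute names are case-insensitive (RFC 6265), so match on a lower-cased
    // copy instead of pinning the exact casing the encoder happens to produce.
    String attributes = setCookie.toLowerCase(java.util.Locale.ROOT);
    assertTrue(attributes.contains("; httponly"));
  }, 200, "OK", null);
}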