Merge pull request #234 from hongwei1/develop

refactor/removed the set_response_header_Set-Cookie props
OpenBankProject · Nov 21, 2023 · 40e289c · 40e289c
2 parents 015cc95 + ee427a3
commit 40e289c
Show file tree

Hide file tree

Showing 2 changed files with 0 additions and 7 deletions.
diff --git a/src/main/resources/props/sample.props.template b/src/main/resources/props/sample.props.template
@@ -186,5 +186,3 @@ session_inactivity_timeout_in_minutes = 30
 
 # Please note that depricated name ot this props is: language_tag
 default_locale = en_GB
-
-set_response_header_Set-Cookie = "Path=/; HttpOnly; Secure"
diff --git a/src/main/scala/bootstrap/liftweb/Boot.scala b/src/main/scala/bootstrap/liftweb/Boot.scala
@@ -247,14 +247,9 @@ class Boot extends MdcLoggable{
       // Do not change default value
     }
 
-    val setCookieHeader: (String, String) = Props.get("set_response_header_Set-Cookie") match {
-      case Full(value) => ("Set-Cookie", value)
-      case _ => ("Set-Cookie", "Path=/; HttpOnly; Secure")
-    }
     //for XSS vulnerability, set X-Frame-Options header as DENY
     LiftRules.supplementalHeaders.default.set(
       ("X-Frame-Options", "DENY") ::
-        setCookieHeader ::
         Nil
     )