From 02ee9e4d53cb653255de9acd216ebe3bf44675ca Mon Sep 17 00:00:00 2001
From: Alex Bogdanovski
Date: Mon, 18 Jul 2022 13:43:56 +0300
Subject: [PATCH] fixed auth cookie missing secure flag

---
 para-core/src/main/java/com/erudika/para/core/App.java | 4 ++--
 .../main/java/com/erudika/para/server/utils/HttpUtils.java | 4 ++++
 2 files changed, 6 insertions(+), 2 deletions(-)

diff --git a/para-core/src/main/java/com/erudika/para/core/App.java b/para-core/src/main/java/com/erudika/para/core/App.java
index 90ef17bb..610d9fd6 100644
--- a/para-core/src/main/java/com/erudika/para/core/App.java
+++ b/para-core/src/main/java/com/erudika/para/core/App.java
@@ -926,8 +926,8 @@ public void addDatatype(String pluralDatatype, String datatype) {
 			return;
 		}
 		if (getDatatypes().size() >= Para.getConfig().maxDatatypesPerApp()) {
-			LoggerFactory.getLogger(App.class).warn("Maximum number of types per app reached - {}.",
-					Para.getConfig().maxDatatypesPerApp());
+			LoggerFactory.getLogger(App.class).warn("Maximum number of types per app reached ({}) for app {}.",
+					Para.getConfig().maxDatatypesPerApp(), getAppIdentifier());
 			return;
 		}
 		if (!getDatatypes().containsKey(pluralDatatype) && !getDatatypes().containsValue(datatype) &&
diff --git a/para-server/src/main/java/com/erudika/para/server/utils/HttpUtils.java b/para-server/src/main/java/com/erudika/para/server/utils/HttpUtils.java
index 2b7c0132..52b2e231 100644
--- a/para-server/src/main/java/com/erudika/para/server/utils/HttpUtils.java
+++ b/para-server/src/main/java/com/erudika/para/server/utils/HttpUtils.java
@@ -18,6 +18,7 @@
 package com.erudika.para.server.utils;
 
 import com.erudika.para.core.utils.Para;
+import com.erudika.para.server.security.SecurityUtils;
 import java.util.TimeZone;
 import javax.servlet.http.Cookie;
 import javax.servlet.http.HttpServletRequest;
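Review bot: The rewritten warn call on the two `+` lines still looks the logger up per call with `LoggerFactory.getLogger(App.class)`; since this branch runs on every addDatatype call once the limit is reached, a class-level `private static final Logger logger = LoggerFactory.getLogger(App.class);` used here would read better and match the usual SLF4J idiom, unless App deliberately avoids a static logger, which the hunk does not show. addDatatype's body starts and ends outside the hunk.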
@@ -160,6 +161,9 @@ public static void setAuthCookie(String name, String value, int maxAge,
 		sb.append("Expires=").append(expires).append(";");
 		sb.append("Max-Age=").append(maxAge).append(";");
 		sb.append("HttpOnly;");
+		if (StringUtils.startsWithIgnoreCase(SecurityUtils.getRedirectUrl(request), "https://") || request.isSecure()) {
+			sb.append("Secure;");
+		}
 		sb.append("SameSite=Lax");
 		response.addHeader(javax.ws.rs.core.HttpHeaders.SET_COOKIE, sb.toString());
 	}
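Review bot: The added `if` decides the Secure attribute from request-derived signals only: `request.isSecure()` is false behind a TLS-terminating proxy unless the container honours the forwarded-proto header, and `SecurityUtils.getRedirectUrl(request)` presumably comes from request data, so the flag is omitted whenever those happen to look like plain HTTP rather than by deployment policy. An explicit configuration switch for HTTPS deployments, with the two request checks kept as a fallback, would make the outcome deterministic; at minimum add a comment on the `if` such as `// Secure is inferred because isSecure() is false behind TLS-terminating proxies` so the heuristic is not mistaken for the intended rule. The import hunk adds only SecurityUtils, so confirm `StringUtils` is already in scope in this file. setAuthCookie's signature and the start of its body are outside the hunk.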