fixed auth cookie missing secure flag

Erudika · Jul 18, 2022 · 02ee9e4 · 02ee9e4
1 parent b8d78a9
commit 02ee9e4
Show file tree

Hide file tree

Showing 2 changed files with 6 additions and 2 deletions.
diff --git a/para-core/src/main/java/com/erudika/para/core/App.java b/para-core/src/main/java/com/erudika/para/core/App.java
@@ -926,8 +926,8 @@ public void addDatatype(String pluralDatatype, String datatype) {
 			return;
 		}
 		if (getDatatypes().size() >= Para.getConfig().maxDatatypesPerApp()) {
-			LoggerFactory.getLogger(App.class).warn("Maximum number of types per app reached - {}.",
-					Para.getConfig().maxDatatypesPerApp());
+			LoggerFactory.getLogger(App.class).warn("Maximum number of types per app reached ({}) for app {}.",
+					Para.getConfig().maxDatatypesPerApp(), getAppIdentifier());
 			return;
 		}
 		if (!getDatatypes().containsKey(pluralDatatype) && !getDatatypes().containsValue(datatype) &&

diff --git a/para-server/src/main/java/com/erudika/para/server/utils/HttpUtils.java b/para-server/src/main/java/com/erudika/para/server/utils/HttpUtils.java
@@ -18,6 +18,7 @@
 package com.erudika.para.server.utils;
 
 import com.erudika.para.core.utils.Para;
+import com.erudika.para.server.security.SecurityUtils;
 import java.util.TimeZone;
 import javax.servlet.http.Cookie;
 import javax.servlet.http.HttpServletRequest;
@@ -160,6 +161,9 @@ public static void setAuthCookie(String name, String value, int maxAge,
 		sb.append("Expires=").append(expires).append(";");
 		sb.append("Max-Age=").append(maxAge).append(";");
 		sb.append("HttpOnly;");
+		if (StringUtils.startsWithIgnoreCase(SecurityUtils.getRedirectUrl(request), "https://") || request.isSecure()) {
+			sb.append("Secure;");
+		}
 		sb.append("SameSite=Lax");
 		response.addHeader(javax.ws.rs.core.HttpHeaders.SET_COOKIE, sb.toString());
 	}