From 72636dda9f154aea8f0d20a91a7f0b2df77457b2 Mon Sep 17 00:00:00 2001
From: "pixeebot[bot]" <104101892+pixeebot[bot]@users.noreply.github.com>
Date: Fri, 29 Nov 2024 14:41:02 +0000
Subject: [PATCH] Introduced protections against HTTP header injection / smuggling attacks

---
 .../software/SPDF/config/security/SecurityConfiguration.java | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/src/main/java/stirling/software/SPDF/config/security/SecurityConfiguration.java b/src/main/java/stirling/software/SPDF/config/security/SecurityConfiguration.java
index 124353d2f..d8c235aea 100644
--- a/src/main/java/stirling/software/SPDF/config/security/SecurityConfiguration.java
+++ b/src/main/java/stirling/software/SPDF/config/security/SecurityConfiguration.java
@@ -1,5 +1,6 @@
 package stirling.software.SPDF.config.security;
 
+import io.github.pixee.security.Newlines;
 import java.io.IOException;
 import java.security.cert.X509Certificate;
 import java.util.*;
@@ -181,8 +182,8 @@ public class SecurityConfiguration {
                     if (request.getRequestURI().startsWith("/saml2")) {
                         response.setHeader("Set-Cookie",
-                                response.getHeader("Set-Cookie") .concat(";SameSite=None;Secure"));
+                                Newlines.stripAll(response.getHeader("Set-Cookie") .concat(";SameSite=None;Secure")));
                     }
                     filterChain.doFilter(request, response);
                 }
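Review bot: The new `Newlines.stripAll(...)` call still dereferences the result of `response.getHeader("Set-Cookie")` unguarded, and since `setHeader` runs before `filterChain.doFilter(request, response)` that header is only present if an earlier filter already set it; when it is absent, `.concat` throws a NullPointerException for every `/saml2` request. A null guard should wrap the rewrite: `String cookie = response.getHeader("Set-Cookie");` followed by `if (cookie != null) response.setHeader("Set-Cookie", Newlines.stripAll(cookie.concat(";SameSite=None;Secure")));`. Separately, `getHeader` returns only the first `Set-Cookie` value while `setHeader` replaces all of them, so a response carrying several cookies would presumably lose all but the first; iterating `response.getHeaders("Set-Cookie")` and re-adding each with `addHeader` would avoid that, though this is pre-existing rather than introduced here. Note also that the servlet container normally rejects CR/LF in header values outright, so silently stripping them here is defence in depth rather than the primary control; a comment saying so, e.g. `// Defence in depth: container already rejects CR/LF in header values`, would prevent readers from assuming this is the only protection. The enclosing filter method starts outside this hunk.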