Introduced protections against HTTP header injection / smuggling attacks

pixeebot[bot] 2024-11-29 14:41:02 +00:00 committed by GitHub
parent 329f755823
commit 72636dda9f
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194


@ -1,5 +1,6 @@
package stirling.software.SPDF.config.security; package stirling.software.SPDF.config.security;
import io.github.pixee.security.Newlines;
import java.io.IOException; import java.io.IOException;
import java.security.cert.X509Certificate; import java.security.cert.X509Certificate;
import java.util.*; import java.util.*;
@ -181,8 +182,8 @@ public class SecurityConfiguration {
if (request.getRequestURI().startsWith("/saml2")) { if (request.getRequestURI().startsWith("/saml2")) {
response.setHeader("Set-Cookie", response.setHeader("Set-Cookie",
response.getHeader("Set-Cookie") Newlines.stripAll(response.getHeader("Set-Cookie")
.concat(";SameSite=None;Secure")); .concat(";SameSite=None;Secure")));
} }
filterChain.doFilter(request, response); filterChain.doFilter(request, response);
} }
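Review bot: In the `/saml2` branch, `.concat(...)` is still called directly on `response.getHeader("Set-Cookie")`, so a response with no cookie set yet throws a NullPointerException before `Newlines.stripAll` ever runs. `getHeader` also returns only the first `Set-Cookie` value and `setHeader` replaces all of them, so any additional cookies would be dropped, losing whatever attributes they carried. Copying `getHeaders("Set-Cookie")` and re-adding each sanitized value, as sketched below, handles both the empty and the multi-cookie case. The block runs before `filterChain.doFilter`, so cookies added further down the chain are presumably not covered, which is worth confirming. The enclosing method starts outside this hunk.

```java
if (request.getRequestURI().startsWith("/saml2")) {
    // Copy first: the response is modified while the values are re-added.
    List<String> cookies = new ArrayList<>(response.getHeaders("Set-Cookie"));
    boolean first = true;
    for (String cookie : cookies) {
        String value = Newlines.stripAll(cookie + ";SameSite=None;Secure");
        if (first) {
            response.setHeader("Set-Cookie", value);
            first = false;
        } else {
            response.addHeader("Set-Cookie", value);
        }
    }
}
// … unchanged: filterChain.doFilter(request, response) …
```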