Jetty: Set session cookies to HttpOnly in all webapps

i2psnark: Remove extra mime types in i2psnark web.xml; added to Jetty's default by now, or in our mime.properties file
2015-04-08 19:45:37 +00:00
parent 5486874d1a
commit e5b7e97ff4
5 changed files with 21 additions and 63 deletions
--- a/apps/addressbook/web.xml
+++ b/apps/addressbook/web.xml
@@ -28,4 +28,11 @@
      <url-pattern>/*</url-pattern>
    </servlet-mapping>

+    <!-- this webapp doesn't actually use sessions or cookies -->
+    <session-config>
+        <session-timeout>30</session-timeout>
+        <cookie-config>
+            <http-only>true</http-only>
+        </cookie-config>
+    </session-config>
 </web-app>
--- a/apps/i2psnark/web.xml
+++ b/apps/i2psnark/web.xml
@@ -26,73 +26,14 @@
      <url-pattern>/</url-pattern>
    </servlet-mapping>
    
+    <!-- this webapp doesn't actually use sessions or cookies -->
    <session-config>
        <session-timeout>
            30
        </session-timeout>
+        <cookie-config>
+            <http-only>true</http-only>
+        </cookie-config>
    </session-config>

-
-    <!-- mime types not in mime.properties in the jetty 5.1.15 source -->
-
-    <mime-mapping>
-        <extension>mkv</extension>
-        <mime-type>video/x-matroska</mime-type>
-    </mime-mapping>
-
-    <mime-mapping>
-        <extension>wmv</extension>
-        <mime-type>video/x-ms-wmv</mime-type>
-    </mime-mapping>
-
-    <mime-mapping>
-        <extension>flv</extension>
-        <mime-type>video/x-flv</mime-type>
-    </mime-mapping>
-
-    <mime-mapping>
-        <extension>mp4</extension>
-        <mime-type>video/mp4</mime-type>
-    </mime-mapping>
-
-    <mime-mapping>
-        <extension>rar</extension>
-        <mime-type>application/rar</mime-type>
-    </mime-mapping>
-
-    <mime-mapping>
-        <extension>7z</extension>
-        <mime-type>application/x-7z-compressed</mime-type>
-    </mime-mapping>
-
-    <mime-mapping>
-        <extension>iso</extension>
-        <mime-type>application/x-iso9660-image</mime-type>
-    </mime-mapping>
-
-    <mime-mapping>
-        <extension>ico</extension>
-        <mime-type>image/x-icon</mime-type>
-    </mime-mapping>
-
-    <mime-mapping>
-        <extension>exe</extension>
-        <mime-type>application/x-msdos-program</mime-type>
-    </mime-mapping>
-
-    <mime-mapping>
-        <extension>flac</extension>
-        <mime-type>audio/flac</mime-type>
-    </mime-mapping>
-
-    <mime-mapping>
-        <extension>m4a</extension>
-        <mime-type>audio/mpeg</mime-type>
-    </mime-mapping>
-
-    <mime-mapping>
-        <extension>wma</extension>
-        <mime-type>audio/x-ms-wma</mime-type>
-    </mime-mapping>
-
 </web-app>
--- a/apps/i2ptunnel/jsp/web.xml
+++ b/apps/i2ptunnel/jsp/web.xml
@@ -32,10 +32,14 @@
        <url-pattern>/wizard</url-pattern>
    </servlet-mapping>

+    <!-- this webapp doesn't actually use sessions or cookies -->
    <session-config>
        <session-timeout>
            30
        </session-timeout>
+        <cookie-config>
+            <http-only>true</http-only>
+        </cookie-config>
    </session-config>
    <welcome-file-list>
        <welcome-file>index.html</welcome-file>
--- a/apps/routerconsole/jsp/web.xml
+++ b/apps/routerconsole/jsp/web.xml
@@ -35,6 +35,9 @@
        <session-timeout>
            30
        </session-timeout>
+        <cookie-config>
+            <http-only>true</http-only>
+        </cookie-config>
    </session-config>
    <welcome-file-list>
        <welcome-file>index.html</welcome-file>
--- a/apps/susimail/src/WEB-INF/web.xml
+++ b/apps/susimail/src/WEB-INF/web.xml
@@ -23,6 +23,9 @@
  </servlet-mapping>
  <session-config>
    <session-timeout>1440</session-timeout>
+    <cookie-config>
+      <http-only>true</http-only>
+    </cookie-config>
  </session-config>
  <!-- tomcat (untested) -->
  <context-param>