How to: Enable the Secure Flag in the Set-Cookie Response Header of Release and Deploy

Question

How do we enable the Secure flag in the Set-Cookie response header in Digital.ai Release and Deploy?

Steps to follow

XLRelease

  1. Stop the Release server
  2. Go to the $XLRelease_HOME/conf/xl-release-server.conf file and add the following token:
    secure.cookie.enabled=true
  3. Save the file
  4. Start the XLRelease server
  5. Verify the output:
    Send a sample curl request to Release; the response should include Set-Cookie headers with the Secure flag:
#curl -i -X GET http://localhost:5516/support/system-information -v -u admin

HTTP/1.1 200 OK
Date: Thu, 15 Jun 2023 18:50:19 GMT
Set-Cookie: XSRF-TOKEN=2aaad4a8-4240-4ab0-8115-61a33b730f5c; Path=/; Secure; SameSite=Lax
Expires: Thu, 01 Jan 1970 00:00:00 GMT
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Vary: Accept
Content-Language: en-IN
Content-Type: application/json;charset=utf-8
X-Frame-Options: SAMEORIGIN
Set-Cookie: JSESSIONID=MDI3OGM4MmItNGMxOC00NmVlLWJlZWQtZjFkNGZhYjZiYzRj; Path=/; Secure; HttpOnly; SameSite=Lax
Vary: Accept-Encoding, User-Agent
Content-Length: 4424

Note: The same can be seen in the browser: Developer Tools -> Storage Tab -> Cookies -> Cookie JSESSIONID shows Secure enabled.

Deploy:

  1. Stop the Deploy server
  2. Go to the $XLDEPLOY_HOME/centralConfiguration/deploy-client.yaml file and set the following token, which is false by default:
    secure-cookie-enabled: true
  3. Save the file
  4. Start the Deploy server
  5. Verify the output:
    Send a sample curl request to XLDeploy; the response should include a Set-Cookie header with the Secure flag:
#curl http://localhost:4516/xldeploy/server/state -i -X GET -v -u admin
HTTP/1.1 200 OK
Date: Thu, 15 Jun 2023 07:58:53 GMT
Set-Cookie: XSRF-TOKEN=6bbc3dd9-dc46-43da-8120-18a95f3ec696; Path=/
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Language: en-IN
Content-Type: text/xml;charset=utf-8
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
X-Frame-Options: DENY
Set-Cookie: SESSION_XLD=; Max-Age=0; Expires=Thu, 1 Jan 1970 00:00:00 GMT; Path=/; Secure; HttpOnly; SameSite=Lax
Content-Length: 65

RUNNING

Note: The same can be seen in the browser: Developer Tools -> Storage Tab -> Cookies -> Cookie SESSION_XLD shows Secure enabled.
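
A scripted version of the verification step for both products, as an added example that is not part of the original article or Digital.ai's own tooling: it reads `curl -i` header output and fails if any Set-Cookie header lacks Secure. The function names are assumptions, and the sample headers are taken from the Deploy output above.

```shell
#!/bin/sh
# Usage (URL is a placeholder): curl -s -i -u admin <server URL> | check_secure_cookies

# Read HTTP response headers on stdin, print one summary line per Set-Cookie
# header, and return 1 if any cookie is missing the Secure attribute.
check_secure_cookies() {
    awk '
    { sub(/\r$/, "") }                        # curl output keeps CRLF endings
    tolower($0) ~ /^set-cookie:/ {
        line = $0
        sub(/^[^:]*:[ \t]*/, "", line)        # drop the header name
        n = split(line, part, ";")
        name = part[1]
        sub(/=.*/, "", name)                  # cookie name only, never the value
        secure = "no"; httponly = "no"; samesite = "-"
        for (i = 2; i <= n; i++) {
            attr = part[i]
            gsub(/^[ \t]+|[ \t]+$/, "", attr)
            low = tolower(attr)               # attribute names are case-insensitive
            if (low == "secure") secure = "yes"
            else if (low == "httponly") httponly = "yes"
            else if (low ~ /^samesite=/) samesite = substr(attr, 10)
        }
        printf "%s Secure=%s HttpOnly=%s SameSite=%s\n", name, secure, httponly, samesite
        if (secure == "no") missing++
    }
    END { exit (missing > 0) }
    '
}

# Sample input: header lines from the Deploy response shown in this article.
sample_deploy_headers() {
    cat <<'EOF'
HTTP/1.1 200 OK
Set-Cookie: XSRF-TOKEN=6bbc3dd9-dc46-43da-8120-18a95f3ec696; Path=/
X-Frame-Options: DENY
Set-Cookie: SESSION_XLD=; Max-Age=0; Expires=Thu, 1 Jan 1970 00:00:00 GMT; Path=/; Secure; HttpOnly; SameSite=Lax
EOF
}
```

On the sample, `sample_deploy_headers | check_secure_cookies` reports SESSION_XLD with Secure set and XSRF-TOKEN without it, and returns 1. Browsers only send Secure cookies over HTTPS, so run the check against the HTTPS URL that users actually reach.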

 
