Uploaded image for project: 'OpenAM'
  1. OpenAM
  2. OPENAM-7586

Cookie domain validation in OpenAM configurator allow new top-level domain cookie

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Minor
    • Resolution: Duplicate
    • Affects Version/s: 11.0.3, 12.0.2, 13.0.0
    • Fix Version/s: None
    • Component/s: configurator
    • Labels:
    • Rank:
      1|hzl9mv:
    • Sprint:
      AM Sustaining Sprint 15

      Description

      Recently, a lot of new top-level domains were created, like .xyz for example.

      In the OpenAM configurator, we check that a cookie shouldn't be a top-level domain.

      We use a library to get the top-level domain call public suffix. However, our library version dependency dates of 2007.

              <publicsuffix.version>1.0.1</publicsuffix.version>
      

      This dependency needs to be update to the new version: https://github.com/whois-server-list/public-suffix-list

      <dependency>
          <groupId>de.malkusch.whois-server-list</groupId>
          <artifactId>public-suffix-list</artifactId>
          <version>2.1.0</version>
      </dependency>
      

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              peter.major Peter Major [X] (Inactive)
              Reporter:
              quentin.castel Quentin CASTEL [X] (Inactive)
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved: