From 7de21b9fa0c881cadcd9a87543ff2638342f56f3 Mon Sep 17 00:00:00 2001
From: Koichi Kato
Date: Wed, 1 Feb 2023 13:53:52 +0900
Subject: [PATCH 1/2] ZCS-12917: added path to ZM_TEST and ZM_LOGIN_CSRF cookies
---
 WebRoot/public/login.jsp | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/WebRoot/public/login.jsp b/WebRoot/public/login.jsp
index 4449eff2f6..f0c43bdb20 100644
--- a/WebRoot/public/login.jsp
+++ b/WebRoot/public/login.jsp
@@ -386,12 +386,14 @@ if (application.getInitParameter("offlineMode") != null) {
 <%
 Cookie testCookie = new Cookie("ZM_TEST", "true");
 testCookie.setSecure(com.zimbra.cs.taglib.ZJspSession.secureAuthTokenCookie(request));
+ testCookie.setPath("/");
 response.addCookie(testCookie);
 String csrfToken = UUID.randomUUID().toString();
 Cookie csrfCookie = new Cookie("ZM_LOGIN_CSRF", csrfToken);
 csrfCookie.setSecure(com.zimbra.cs.taglib.ZJspSession.secureAuthTokenCookie(request));
 csrfCookie.setHttpOnly(true);
+ csrfCookie.setPath("/");
 response.addCookie(csrfCookie);
 pageContext.setAttribute("login_csrf", csrfToken);
From 0e3da116dd43345fe72279a86828394df5aac954 Mon Sep 17 00:00:00 2001
From: Koichi Kato
Date: Thu, 2 Feb 2023 00:35:45 +0900
Subject: [PATCH 2/2] ZCS-12917: set path to delete ZM_LOGIN_CSRF cookie
---
 WebRoot/public/login.jsp | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/WebRoot/public/login.jsp b/WebRoot/public/login.jsp
index f0c43bdb20..1405d86634 100644
--- a/WebRoot/public/login.jsp
+++ b/WebRoot/public/login.jsp
@@ -153,6 +153,7 @@
 // Delete cookie
 Cookie csrfCookie = new Cookie("ZM_LOGIN_CSRF", "");
 csrfCookie.setMaxAge(0);
+ csrfCookie.setPath("/");
 response.addCookie(csrfCookie);
 pageContext.setAttribute("login_csrf", "");
@@ -188,6 +189,7 @@
 // Delete cookie
 Cookie csrfCookie = new Cookie("ZM_LOGIN_CSRF", "");
 csrfCookie.setMaxAge(0);
+ csrfCookie.setPath("/");
 response.addCookie(csrfCookie);
 pageContext.setAttribute("login_csrf", "");
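Review bot: The two added `setPath("/")` calls move `ZM_TEST` and `ZM_LOGIN_CSRF` from the browser-computed default path to the whole host, and nothing at the creation site explains why or ties the value to the code that later expires the cookie. Browsers store cookies with the same name but different paths as separate entries, so a token issued under the previous default path can remain alongside the new one until the browser session ends. Which value the server then compares against depends on code outside this hunk and should be checked. I would add a comment above `csrfCookie.setPath("/");` such as `// Path must equal the one used when ZM_LOGIN_CSRF is expired; a mismatch leaves the old token in the browser`, and keep the path in one named constant rather than repeated literals. The scriptlet begins and ends outside the hunk.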
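Review bot: The expiry block in this hunk and in the one at `@@ -188,6 +189,7 @@` is the same five lines repeated, each carrying its own `"/"` literal that must stay identical to the path set where the cookie is created. The expiring cookie also omits the attributes the creation site sets. Browsers can refuse a `Set-Cookie` without `Secure` that would replace a `Secure` cookie when the response travels over plain HTTP, so the delete may silently not take effect in that deployment; whether that case is reachable here is not visible from the hunk. Adding `csrfCookie.setSecure(com.zimbra.cs.taglib.ZJspSession.secureAuthTokenCookie(request));` and `csrfCookie.setHttpOnly(true);` before `response.addCookie(csrfCookie);` keeps the deletion symmetrical with the creation. A single helper for the expiry would stop the two copies drifting apart. Both blocks sit inside branches whose conditions are outside the hunks.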