Skip to content

Commit 928991b

Browse files
Avery-DunnAvery-Dunn
authored
Merge pull request #923 from AzureAD/avdunn/codeql-issues
Resolve minor CodeQL issues
2 parents 6a52340 + 55d495b commit 928991b

File tree

2 files changed

+2
-2
lines changed
  • msal4j-sdk/src/samples

2 files changed

+2
-2
lines changed

msal4j-sdk/src/samples/msal-b2c-web-sample/src/main/java/com/microsoft/azure/msalwebsample/CookieHelper.java

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -32,11 +32,11 @@ static void removeStateNonceCookies(HttpServletResponse httpResponse){
3232
Cookie stateCookie = new Cookie(MSAL_WEB_APP_STATE_COOKIE, "");
3333
stateCookie.setMaxAge(0);
3434

35-
// CodeQL [SM00710]: CodeQL flagged this as the 'secure' flag was not set on this cookie, however this is just a sample to help with manual testing.
3635
httpResponse.addCookie(stateCookie);
3736

3837
Cookie nonceCookie = new Cookie(MSAL_WEB_APP_NONCE_COOKIE, "");
3938
nonceCookie.setMaxAge(0);
39+
nonceCookie.setSecure(true);
4040

4141
httpResponse.addCookie(nonceCookie);
4242
}

msal4j-sdk/src/samples/msal-web-sample/src/main/java/com/microsoft/azure/msalwebsample/CookieHelper.java

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -32,11 +32,11 @@ static void removeStateNonceCookies(HttpServletResponse httpResponse){
3232
Cookie stateCookie = new Cookie(MSAL_WEB_APP_STATE_COOKIE, "");
3333
stateCookie.setMaxAge(0);
3434

35-
// CodeQL [java/insecure-cookie]: Suppressing CodeQL warning since this is just a sample
3635
httpResponse.addCookie(stateCookie);
3736

3837
Cookie nonceCookie = new Cookie(MSAL_WEB_APP_NONCE_COOKIE, "");
3938
nonceCookie.setMaxAge(0);
39+
nonceCookie.setSecure(true);
4040

4141
httpResponse.addCookie(nonceCookie);
4242
}

0 commit comments

Comments
 (0)