Merge pull request #7560 from HiranyaKavishani/betaFixing

Fixing security protection issue

Author: malinthaprasan

features/apimgt/org.wso2.carbon.apimgt.publisher.feature/src/main/resources/publisher/services/login/login_callback.jag

@@ -69,7 +69,7 @@
         'name': 'AM_ACC_TOKEN_DEFAULT_P2',
         'value': accessTokenPart2,
         'path': site.context + "/",
-        "HttpOnly": true,
+        "httpOnly": true,
         "secure": true,
         "maxAge": Integer(tokenResponse.expires_in)
     };
@@ -79,7 +79,7 @@
         'name': 'AM_ACC_TOKEN_DEFAULT_P2',
         'value': accessTokenPart2,
         'path': "/api/am/publisher/",
-        "HttpOnly": true,
+        "httpOnly": true,
         "secure": true,
         "maxAge": Integer(tokenResponse.expires_in)
     };
@@ -89,7 +89,7 @@
         'name': 'AM_REF_TOKEN_DEFAULT_P2',
         'value': refreshTokenPart2,
         'path': site.context + "/",
-        "HttpOnly": true,
+        "httpOnly": true,
         "secure": true,
         "maxAge": -1
     };

features/apimgt/org.wso2.carbon.apimgt.publisher.feature/src/main/resources/publisher/services/refresh/refresh.jag

@@ -81,7 +81,7 @@
                 'name': 'AM_ACC_TOKEN_DEFAULT_P2',
                 'value': accessTokenPart2,
                 'path': site.context + "/",
-                "HttpOnly": true,
+                "httpOnly": true,
                 "secure": true,
                 "maxAge": Integer(tokenResponse.expires_in)
             };
@@ -91,7 +91,7 @@
                 'name': 'AM_ACC_TOKEN_DEFAULT_P2',
                 'value': accessTokenPart2,
                 'path': "/api/am/publisher/",
-                "HttpOnly": true,
+                "httpOnly": true,
                 "secure": true,
                 "maxAge": Integer(tokenResponse.expires_in)
             };
@@ -101,7 +101,7 @@
                 'name': 'AM_REF_TOKEN_DEFAULT_P2',
                 'value': refreshTokenPart2,
                 'path': site.context + "/",
-                "HttpOnly": true,
+                "httpOnly": true,
                 "secure": true,
                 "maxAge": -1
             };

features/apimgt/org.wso2.carbon.apimgt.store.feature/src/main/resources/devportal/services/login/idp.jag

@@ -88,7 +88,7 @@
     var authRequestParams = "?response_type=code&client_id=" + clientId + "&scope=" + scopes + "&state=" + state + "&redirect_uri=" + loginCallbackUrl;
     log.debug("Redirecting to = " + authorizeEndpoint + authRequestParams);
 
-    var cookie = {'name': 'CLIENT_ID', 'value': clientId, 'path': "/devportal/", "HttpOnly": false, "secure": true, "maxAge": -1};
+    var cookie = {'name': 'CLIENT_ID', 'value': clientId, 'path': "/devportal/", "httpOnly": false, "secure": true, "maxAge": -1};
     response.addCookie(cookie);
 
     response.sendRedirect(authorizeEndpoint + authRequestParams);

features/apimgt/org.wso2.carbon.apimgt.store.feature/src/main/resources/devportal/services/login/login_callback.jag

@@ -65,13 +65,13 @@
     // Setting access token part 1 as secured HTTP only cookie, Can't restrict the path to /api/am/store
     // because partial HTTP only cookie is required for get the user information from access token,
     // hence setting the HTTP only access token path to /store/
-    var cookie = {'name': 'AM_ACC_TOKEN_DEFAULT_P2', 'value': accessTokenPart2, 'path': site.context + "/", "HttpOnly": true, "secure": true, "maxAge": Integer(tokenResponse.expires_in)};
+    var cookie = {'name': 'AM_ACC_TOKEN_DEFAULT_P2', 'value': accessTokenPart2, 'path': site.context + "/", "httpOnly": true, "secure": true, "maxAge": Integer(tokenResponse.expires_in)};
     response.addCookie(cookie);
 
-    cookie = {'name': 'AM_ACC_TOKEN_DEFAULT_P2', 'value': accessTokenPart2, 'path': "/api/am/store/", "HttpOnly": true, "secure": true, "maxAge": Integer(tokenResponse.expires_in)};
+    cookie = {'name': 'AM_ACC_TOKEN_DEFAULT_P2', 'value': accessTokenPart2, 'path': "/api/am/store/", "httpOnly": true, "secure": true, "maxAge": Integer(tokenResponse.expires_in)};
     response.addCookie(cookie);
 
-    cookie = {'name': 'AM_REF_TOKEN_DEFAULT_P2', 'value': refreshTokenPart2, 'path': site.context + "/", "HttpOnly": true, "secure": true, "maxAge": -1};
+    cookie = {'name': 'AM_REF_TOKEN_DEFAULT_P2', 'value': refreshTokenPart2, 'path': site.context + "/", "httpOnly": true, "secure": true, "maxAge": -1};
     response.addCookie(cookie);
 
     cookie = {'name': 'WSO2_AM_TOKEN_1_Default', 'value': accessTokenPart1, 'path': site.context + "/", "secure": true, "maxAge": Integer(tokenResponse.expires_in)};

features/apimgt/org.wso2.carbon.apimgt.store.feature/src/main/resources/devportal/services/logout/logout_callback.jag

@@ -22,11 +22,11 @@
     include("/services/constants.jag");
     include("/services/jagg.jag");
 
-    var cookie = {'name': 'AM_ACC_TOKEN_DEFAULT_P2', 'value': '', 'path': site.context + "/", "HttpOnly": true, "secure": true, "maxAge": 2};
+    var cookie = {'name': 'AM_ACC_TOKEN_DEFAULT_P2', 'value': '', 'path': site.context + "/", "httpOnly": true, "secure": true, "maxAge": 2};
     response.addCookie(cookie);
-    cookie = {'name': 'AM_ACC_TOKEN_DEFAULT_P2', 'value': '', 'path': "/api/am/store/", "HttpOnly": true, "secure": true, "maxAge": 2};
+    cookie = {'name': 'AM_ACC_TOKEN_DEFAULT_P2', 'value': '', 'path': "/api/am/store/", "httpOnly": true, "secure": true, "maxAge": 2};
     response.addCookie(cookie);
-    cookie = {'name': 'AM_REF_TOKEN_DEFAULT_P2', 'value': '', 'path': site.context + "/", "HttpOnly": true, "secure": true, "maxAge": 2};
+    cookie = {'name': 'AM_REF_TOKEN_DEFAULT_P2', 'value': '', 'path': site.context + "/", "httpOnly": true, "secure": true, "maxAge": 2};
     response.addCookie(cookie);
     cookie = {'name': 'WSO2_AM_TOKEN_1_Default', 'value': '', 'path': site.context + "/", "secure": true, "maxAge": 2};
     response.addCookie(cookie);