Wicket token ignores domain

Question

I'm need add token to my page to authenticate application in iframe. Problem is, when I set domain to cookie it won't add to page. I create cookie as in wicket example:

  WebResponse webResponse = (WebResponse) RequestCycle.get().getResponse();

  Cookie cookie = new Cookie("MY_AUTH_TOKEN", "token");
  cookie.setPath("/");
  cookie.setDomain("domain_in_iframe.com");

  webResponse.addCookie(cookie);

HTML:

<iframe src="http://domain_in_iframe.com/" style="width:100%; height:500px;">

</iframe>

When setDomain is used cookie is not present in browser. Without using serDomain method cookie is present but shows as cookie with localhost domain.

Even adding cookie by hand in webbrowser works but this code don't. Any ideas why?

score 1 · Answer 1 · edited May 23 '17 at 12:12

1

You cannot set domain different than the current one for security reasons. See https://stackoverflow.com/a/20090012/497381 for more details.

edited May 23 '17 at 12:12

Community

1
1

answered Mar 17 '15 at 21:15

martin-g

17,243
2
23
35

Wicket token ignores domain

1 Answers1