#1849 Set / path to CSRF cookie

gbif · Oct 10, 2022 · 3c8da1f · 3c8da1f
1 parent 7312953
commit 3c8da1f
Showing 1 changed file with 2 additions and 1 deletion.
diff --git a/src/main/java/org/gbif/ipt/struts2/CsrfLoginInterceptor.java b/src/main/java/org/gbif/ipt/struts2/CsrfLoginInterceptor.java
@@ -24,6 +24,7 @@
 import javax.servlet.http.Cookie;
 import javax.servlet.http.HttpServletResponse;
 
+import org.apache.commons.lang3.StringUtils;
 import org.apache.struts2.StrutsStatics;
 
 import com.google.inject.Inject;
@@ -75,7 +76,7 @@ public String intercept(ActionInvocation invocation) throws Exception {
 
       try {
         URI iptUri = URI.create(cfg.getBaseUrl());
-        csrfCookie.setPath(iptUri.getPath());
+        csrfCookie.setPath(StringUtils.isEmpty(iptUri.getPath()) ? "/" : iptUri.getPath());
         csrfCookie.setDomain(iptUri.getHost());
         csrfCookie.setSecure(iptUri.getScheme().equalsIgnoreCase("https"));
       } catch (Exception e) {