From 02efd97e6d1a77e9b3e0756d6364113670c2b359 Mon Sep 17 00:00:00 2001 From: Justin Holmes Date: Wed, 11 May 2022 12:18:33 -0500 Subject: [PATCH 1/7] Fix inability to update http_only_cookie_attribute to false --- .changelog/1602.txt | 4 ++ .../resource_cloudflare_access_application.go | 10 ++--- ...urce_cloudflare_access_application_test.go | 43 ++++++++++++++++++- .../schema_cloudflare_access_application.go | 2 +- .../docs/r/access_application.html.markdown | 2 +- 5 files changed, 52 insertions(+), 9 deletions(-) create mode 100644 .changelog/1602.txt diff --git a/.changelog/1602.txt b/.changelog/1602.txt new file mode 100644 index 0000000000..0a76cb2e21 --- /dev/null +++ b/.changelog/1602.txt @@ -0,0 +1,4 @@ +```release-note:bug +resource/cloudflare_access_application: Fix inability to update +http_only_cookie_attribute to false +``` diff --git a/cloudflare/resource_cloudflare_access_application.go b/cloudflare/resource_cloudflare_access_application.go index 31d78ca1d5..5dba6d6f89 100644 --- a/cloudflare/resource_cloudflare_access_application.go +++ b/cloudflare/resource_cloudflare_access_application.go @@ -40,7 +40,6 @@ func resourceCloudflareAccessApplicationCreate(ctx context.Context, d *schema.Re EnableBindingCookie: d.Get("enable_binding_cookie").(bool), CustomDenyMessage: d.Get("custom_deny_message").(string), CustomDenyURL: d.Get("custom_deny_url").(string), - HttpOnlyCookieAttribute: d.Get("http_only_cookie_attribute").(bool), SameSiteCookieAttribute: d.Get("same_site_cookie_attribute").(string), LogoURL: d.Get("logo_url").(string), SkipInterstitial: d.Get("skip_interstitial").(bool), @@ -48,9 +47,8 @@ func resourceCloudflareAccessApplicationCreate(ctx context.Context, d *schema.Re ServiceAuth401Redirect: d.Get("service_auth_401_redirect").(bool), } - if value, ok := d.GetOk("http_only_cookie_attribute"); ok { - newAccessApplication.HttpOnlyCookieAttribute = value.(bool) - } + value := d.Get("http_only_cookie_attribute").(bool) + newAccessApplication.HttpOnlyCookieAttribute = &value if len(allowedIDPList) > 0 { newAccessApplication.AllowedIdps = allowedIDPList @@ -151,7 +149,6 @@ func resourceCloudflareAccessApplicationUpdate(ctx context.Context, d *schema.Re EnableBindingCookie: d.Get("enable_binding_cookie").(bool), CustomDenyMessage: d.Get("custom_deny_message").(string), CustomDenyURL: d.Get("custom_deny_url").(string), - HttpOnlyCookieAttribute: d.Get("http_only_cookie_attribute").(bool), SameSiteCookieAttribute: d.Get("same_site_cookie_attribute").(string), LogoURL: d.Get("logo_url").(string), SkipInterstitial: d.Get("skip_interstitial").(bool), @@ -159,6 +156,9 @@ func resourceCloudflareAccessApplicationUpdate(ctx context.Context, d *schema.Re ServiceAuth401Redirect: d.Get("service_auth_401_redirect").(bool), } + value := d.Get("http_only_cookie_attribute").(bool) + updatedAccessApplication.HttpOnlyCookieAttribute = &value + if len(allowedIDPList) > 0 { updatedAccessApplication.AllowedIdps = allowedIDPList } diff --git a/cloudflare/resource_cloudflare_access_application_test.go b/cloudflare/resource_cloudflare_access_application_test.go index ed48c52605..062c826e77 100644 --- a/cloudflare/resource_cloudflare_access_application_test.go +++ b/cloudflare/resource_cloudflare_access_application_test.go @@ -215,7 +215,7 @@ func TestAccCloudflareAccessApplication_WithHttpOnlyCookieAttribute(t *testing.T CheckDestroy: testAccCheckCloudflareAccessApplicationDestroy, Steps: []resource.TestStep{ { - Config: testAccCloudflareAccessApplicationConfigWithHttpOnlyCookieAttribute(rnd, zoneID, domain), + Config: testAccCloudflareAccessApplicationConfigWithHTTPOnlyCookieAttribute(rnd, zoneID, domain), Check: resource.ComposeTestCheckFunc( resource.TestCheckResourceAttr(name, "zone_id", zoneID), resource.TestCheckResourceAttr(name, "name", rnd), @@ -229,6 +229,32 @@ func TestAccCloudflareAccessApplication_WithHttpOnlyCookieAttribute(t *testing.T }) } +func TestAccCloudflareAccessApplication_WithHTTPOnlyCookieAttributeSetToFalse(t *testing.T) { + rnd := generateRandomResourceName() + name := fmt.Sprintf("cloudflare_access_application.%s", rnd) + + resource.Test(t, resource.TestCase{ + PreCheck: func() { + testAccessAccPreCheck(t) + }, + Providers: testAccProviders, + CheckDestroy: testAccCheckCloudflareAccessApplicationDestroy, + Steps: []resource.TestStep{ + { + Config: testAccCloudflareAccessApplicationConfigWithHTTPOnlyCookieAttributeSetToFalse(rnd, zoneID, domain), + Check: resource.ComposeTestCheckFunc( + resource.TestCheckResourceAttr(name, "zone_id", zoneID), + resource.TestCheckResourceAttr(name, "name", rnd), + resource.TestCheckResourceAttr(name, "domain", fmt.Sprintf("%s.%s", rnd, domain)), + resource.TestCheckResourceAttr(name, "type", "self_hosted"), + resource.TestCheckResourceAttr(name, "session_duration", "24h"), + resource.TestCheckResourceAttr(name, "http_only_cookie_attribute", "false"), + ), + }, + }, + }) +} + func TestAccCloudflareAccessApplication_WithSameSiteCookieAttribute(t *testing.T) { rnd := generateRandomResourceName() name := fmt.Sprintf("cloudflare_access_application.%s", rnd) @@ -424,7 +450,7 @@ resource "cloudflare_access_application" "%[1]s" { `, rnd, zoneID, domain, accountID) } -func testAccCloudflareAccessApplicationConfigWithHttpOnlyCookieAttribute(rnd, zoneID, domain string) string { +func testAccCloudflareAccessApplicationConfigWithHTTPOnlyCookieAttribute(rnd, zoneID, domain string) string { return fmt.Sprintf(` resource "cloudflare_access_application" "%[1]s" { zone_id = "%[2]s" @@ -437,6 +463,19 @@ resource "cloudflare_access_application" "%[1]s" { `, rnd, zoneID, domain) } +func testAccCloudflareAccessApplicationConfigWithHTTPOnlyCookieAttributeSetToFalse(rnd, zoneID, domain string) string { + return fmt.Sprintf(` +resource "cloudflare_access_application" "%[1]s" { + zone_id = "%[2]s" + name = "%[1]s" + domain = "%[1]s.%[3]s" + type = "self_hosted" + session_duration = "24h" + http_only_cookie_attribute = false +} +`, rnd, zoneID, domain) +} + func testAccCloudflareAccessApplicationConfigSameSiteCookieAttribute(rnd, zoneID, domain string) string { return fmt.Sprintf(` resource "cloudflare_access_application" "%[1]s" { diff --git a/cloudflare/schema_cloudflare_access_application.go b/cloudflare/schema_cloudflare_access_application.go index 8240e6330e..2b0c044f50 100644 --- a/cloudflare/schema_cloudflare_access_application.go +++ b/cloudflare/schema_cloudflare_access_application.go @@ -133,7 +133,7 @@ func resourceCloudflareAccessApplicationSchema() map[string]*schema.Schema { "http_only_cookie_attribute": { Type: schema.TypeBool, Optional: true, - Computed: true, + Default: true, }, "same_site_cookie_attribute": { Type: schema.TypeString, diff --git a/website/docs/r/access_application.html.markdown b/website/docs/r/access_application.html.markdown index 9dfbacf5b1..321f688bc2 100644 --- a/website/docs/r/access_application.html.markdown +++ b/website/docs/r/access_application.html.markdown @@ -72,7 +72,7 @@ The following arguments are supported: dashboard. * `same_site_cookie_attribute` - (Optional) Defines the same-site cookie setting for access tokens. Valid values are `none`, `lax`, and `strict`. -* `http_only_cookie_attribute` - (Optional) Option to add the `HttpOnly` cookie flag to access tokens. +* `http_only_cookie_attribute` - (Optional) Option to add the `HttpOnly` cookie flag to access tokens. Defaults to `true`. * `service_auth_401_redirect` - (Optional) Option to return a 401 status code in service authentication rules on failed requests. From 4ff5bbc3bce20fd72121a24a48404849a8216294 Mon Sep 17 00:00:00 2001 From: Justin Holmes Date: Mon, 16 May 2022 09:03:20 -0500 Subject: [PATCH 2/7] Update cloudflare/resource_cloudflare_access_application.go Co-authored-by: Jacob Bednarz --- cloudflare/resource_cloudflare_access_application.go | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/cloudflare/resource_cloudflare_access_application.go b/cloudflare/resource_cloudflare_access_application.go index 5dba6d6f89..a8678bd1f4 100644 --- a/cloudflare/resource_cloudflare_access_application.go +++ b/cloudflare/resource_cloudflare_access_application.go @@ -47,8 +47,7 @@ func resourceCloudflareAccessApplicationCreate(ctx context.Context, d *schema.Re ServiceAuth401Redirect: d.Get("service_auth_401_redirect").(bool), } - value := d.Get("http_only_cookie_attribute").(bool) - newAccessApplication.HttpOnlyCookieAttribute = &value + newAccessApplication.HttpOnlyCookieAttribute = cloudflare.BoolPtr(d.Get("http_only_cookie_attribute").(bool)) if len(allowedIDPList) > 0 { newAccessApplication.AllowedIdps = allowedIDPList From 06731504588617033c069b3ebb825d7a63a9097c Mon Sep 17 00:00:00 2001 From: Justin Holmes Date: Mon, 16 May 2022 09:03:30 -0500 Subject: [PATCH 3/7] Update .changelog/1602.txt Co-authored-by: Jacob Bednarz --- .changelog/1602.txt | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/.changelog/1602.txt b/.changelog/1602.txt index 0a76cb2e21..b98ae5957b 100644 --- a/.changelog/1602.txt +++ b/.changelog/1602.txt @@ -1,4 +1,3 @@ ```release-note:bug -resource/cloudflare_access_application: Fix inability to update -http_only_cookie_attribute to false +resource/cloudflare_access_application: Fix inability to update `http_only_cookie_attribute` to false ``` From e51bb754a0ce35bfe32aa77bf7772007295f4517 Mon Sep 17 00:00:00 2001 From: Jacob Bednarz Date: Thu, 19 May 2022 14:48:02 +1000 Subject: [PATCH 4/7] cleanup Bool/BoolPtr usage --- cloudflare/resource_cloudflare_access_application.go | 9 +++------ 1 file changed, 3 insertions(+), 6 deletions(-) diff --git a/cloudflare/resource_cloudflare_access_application.go b/cloudflare/resource_cloudflare_access_application.go index a8678bd1f4..794deced53 100644 --- a/cloudflare/resource_cloudflare_access_application.go +++ b/cloudflare/resource_cloudflare_access_application.go @@ -40,6 +40,7 @@ func resourceCloudflareAccessApplicationCreate(ctx context.Context, d *schema.Re EnableBindingCookie: d.Get("enable_binding_cookie").(bool), CustomDenyMessage: d.Get("custom_deny_message").(string), CustomDenyURL: d.Get("custom_deny_url").(string), + HttpOnlyCookieAttribute: cloudflare.BoolPtr(d.Get("http_only_cookie_attribute").(bool)), SameSiteCookieAttribute: d.Get("same_site_cookie_attribute").(string), LogoURL: d.Get("logo_url").(string), SkipInterstitial: d.Get("skip_interstitial").(bool), @@ -47,8 +48,6 @@ func resourceCloudflareAccessApplicationCreate(ctx context.Context, d *schema.Re ServiceAuth401Redirect: d.Get("service_auth_401_redirect").(bool), } - newAccessApplication.HttpOnlyCookieAttribute = cloudflare.BoolPtr(d.Get("http_only_cookie_attribute").(bool)) - if len(allowedIDPList) > 0 { newAccessApplication.AllowedIdps = allowedIDPList } @@ -117,7 +116,7 @@ func resourceCloudflareAccessApplicationRead(ctx context.Context, d *schema.Reso d.Set("custom_deny_message", accessApplication.CustomDenyMessage) d.Set("custom_deny_url", accessApplication.CustomDenyURL) d.Set("allowed_idps", accessApplication.AllowedIdps) - d.Set("http_only_cookie_attribute", accessApplication.HttpOnlyCookieAttribute) + d.Set("http_only_cookie_attribute", cloudflare.Bool(accessApplication.HttpOnlyCookieAttribute)) d.Set("same_site_cookie_attribute", accessApplication.SameSiteCookieAttribute) d.Set("skip_interstitial", accessApplication.SkipInterstitial) d.Set("logo_url", accessApplication.LogoURL) @@ -148,6 +147,7 @@ func resourceCloudflareAccessApplicationUpdate(ctx context.Context, d *schema.Re EnableBindingCookie: d.Get("enable_binding_cookie").(bool), CustomDenyMessage: d.Get("custom_deny_message").(string), CustomDenyURL: d.Get("custom_deny_url").(string), + HttpOnlyCookieAttribute: cloudflare.BoolPtr(d.Get("http_only_cookie_attribute").(bool)), SameSiteCookieAttribute: d.Get("same_site_cookie_attribute").(string), LogoURL: d.Get("logo_url").(string), SkipInterstitial: d.Get("skip_interstitial").(bool), @@ -155,9 +155,6 @@ func resourceCloudflareAccessApplicationUpdate(ctx context.Context, d *schema.Re ServiceAuth401Redirect: d.Get("service_auth_401_redirect").(bool), } - value := d.Get("http_only_cookie_attribute").(bool) - updatedAccessApplication.HttpOnlyCookieAttribute = &value - if len(allowedIDPList) > 0 { updatedAccessApplication.AllowedIdps = allowedIDPList } From 2f677a3433e46df1f4ff910b897b7a0de2ecde1b Mon Sep 17 00:00:00 2001 From: Jacob Bednarz Date: Thu, 19 May 2022 14:48:22 +1000 Subject: [PATCH 5/7] use the specific notFoundErr for missing checks --- cloudflare/resource_cloudflare_access_application.go | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/cloudflare/resource_cloudflare_access_application.go b/cloudflare/resource_cloudflare_access_application.go index 794deced53..1f447ffeda 100644 --- a/cloudflare/resource_cloudflare_access_application.go +++ b/cloudflare/resource_cloudflare_access_application.go @@ -98,7 +98,8 @@ func resourceCloudflareAccessApplicationRead(ctx context.Context, d *schema.Reso } if err != nil { - if strings.Contains(err.Error(), "HTTP status 404") { + var notFoundError *cloudflare.NotFoundError + if errors.As(err, ¬FoundError) { log.Printf("[INFO] Access Application %s no longer exists", d.Id()) d.SetId("") return nil From 0d4ee325708047641474ab54222197f43dd4c3b5 Mon Sep 17 00:00:00 2001 From: Jacob Bednarz Date: Thu, 19 May 2022 14:50:44 +1000 Subject: [PATCH 6/7] fix tests for access apps Updates the access application tests to fix a couple of niggly issues. - Don't check both account and zone access applications; we only need to do one or the other. - Check for explicit `cloudflare.NotFoundError` errors when checking the resource still exists. - Remove left over usage of API token clear/reset now the service supports it. --- ...urce_cloudflare_access_application_test.go | 86 ++++--------------- 1 file changed, 19 insertions(+), 67 deletions(-) diff --git a/cloudflare/resource_cloudflare_access_application_test.go b/cloudflare/resource_cloudflare_access_application_test.go index 062c826e77..a98ec50dd5 100644 --- a/cloudflare/resource_cloudflare_access_application_test.go +++ b/cloudflare/resource_cloudflare_access_application_test.go @@ -10,6 +10,7 @@ import ( "github.com/cloudflare/cloudflare-go" "github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource" "github.com/hashicorp/terraform-plugin-sdk/v2/terraform" + "github.com/pkg/errors" ) var ( @@ -17,7 +18,7 @@ var ( domain = os.Getenv("CLOUDFLARE_DOMAIN") ) -func TestAccCloudflareAccessApplication_Basic(t *testing.T) { +func TestAccCloudflareAccessApplication_BasicZone(t *testing.T) { rnd := generateRandomResourceName() name := fmt.Sprintf("cloudflare_access_application.%s", rnd) @@ -42,6 +43,11 @@ func TestAccCloudflareAccessApplication_Basic(t *testing.T) { }, }, }) +} + +func TestAccCloudflareAccessApplication_BasicAccount(t *testing.T) { + rnd := generateRandomResourceName() + name := fmt.Sprintf("cloudflare_access_application.%s", rnd) resource.Test(t, resource.TestCase{ PreCheck: func() { @@ -536,31 +542,27 @@ func testAccCheckCloudflareAccessApplicationDestroy(s *terraform.State) error { continue } - _, err := client.AccessApplication(context.Background(), rs.Primary.Attributes["zone_id"], rs.Primary.ID) - if err == nil { - return fmt.Errorf("AccessApplication still exists") + var notFoundError *cloudflare.NotFoundError + if rs.Primary.Attributes["zone_id"] != "" { + _, err := client.ZoneLevelAccessApplication(context.Background(), rs.Primary.Attributes["zone_id"], rs.Primary.ID) + if !errors.As(err, ¬FoundError) { + return fmt.Errorf("AccessApplication still exists") + } } - _, err = client.AccessApplication(context.Background(), rs.Primary.Attributes["account_id"], rs.Primary.ID) - if err == nil { - return fmt.Errorf("AccessApplication still exists") + if rs.Primary.Attributes["account_id"] != "" { + _, err := client.AccessApplication(context.Background(), rs.Primary.Attributes["account_id"], rs.Primary.ID) + if !errors.As(err, ¬FoundError) { + return fmt.Errorf("AccessApplication still exists") + } } + } return nil } func TestAccCloudflareAccessApplicationWithZoneID(t *testing.T) { - // Temporarily unset CLOUDFLARE_API_TOKEN if it is set as the Access - // service does not yet support the API tokens and it results in - // misleading state error messages. - if os.Getenv("CLOUDFLARE_API_TOKEN") != "" { - defer func(apiToken string) { - os.Setenv("CLOUDFLARE_API_TOKEN", apiToken) - }(os.Getenv("CLOUDFLARE_API_TOKEN")) - os.Setenv("CLOUDFLARE_API_TOKEN", "") - } - rnd := generateRandomResourceName() name := "cloudflare_access_application." + rnd zone := os.Getenv("CLOUDFLARE_DOMAIN") @@ -593,16 +595,6 @@ func TestAccCloudflareAccessApplicationWithZoneID(t *testing.T) { } func TestAccCloudflareAccessApplicationWithMissingCORSMethods(t *testing.T) { - // Temporarily unset CLOUDFLARE_API_TOKEN if it is set as the Access - // service does not yet support the API tokens and it results in - // misleading state error messages. - if os.Getenv("CLOUDFLARE_API_TOKEN") != "" { - defer func(apiToken string) { - os.Setenv("CLOUDFLARE_API_TOKEN", apiToken) - }(os.Getenv("CLOUDFLARE_API_TOKEN")) - os.Setenv("CLOUDFLARE_API_TOKEN", "") - } - rnd := generateRandomResourceName() zone := os.Getenv("CLOUDFLARE_DOMAIN") zoneID := os.Getenv("CLOUDFLARE_ZONE_ID") @@ -623,16 +615,6 @@ func TestAccCloudflareAccessApplicationWithMissingCORSMethods(t *testing.T) { } func TestAccCloudflareAccessApplicationWithMissingCORSOrigins(t *testing.T) { - // Temporarily unset CLOUDFLARE_API_TOKEN if it is set as the Access - // service does not yet support the API tokens and it results in - // misleading state error messages. - if os.Getenv("CLOUDFLARE_API_TOKEN") != "" { - defer func(apiToken string) { - os.Setenv("CLOUDFLARE_API_TOKEN", apiToken) - }(os.Getenv("CLOUDFLARE_API_TOKEN")) - os.Setenv("CLOUDFLARE_API_TOKEN", "") - } - rnd := generateRandomResourceName() zone := os.Getenv("CLOUDFLARE_DOMAIN") zoneID := os.Getenv("CLOUDFLARE_ZONE_ID") @@ -653,16 +635,6 @@ func TestAccCloudflareAccessApplicationWithMissingCORSOrigins(t *testing.T) { } func TestAccCloudflareAccessApplicationWithInvalidSessionDuration(t *testing.T) { - // Temporarily unset CLOUDFLARE_API_TOKEN if it is set as the Access - // service does not yet support the API tokens and it results in - // misleading state error messages. - if os.Getenv("CLOUDFLARE_API_TOKEN") != "" { - defer func(apiToken string) { - os.Setenv("CLOUDFLARE_API_TOKEN", apiToken) - }(os.Getenv("CLOUDFLARE_API_TOKEN")) - os.Setenv("CLOUDFLARE_API_TOKEN", "") - } - rnd := generateRandomResourceName() zone := os.Getenv("CLOUDFLARE_DOMAIN") zoneID := os.Getenv("CLOUDFLARE_ZONE_ID") @@ -683,16 +655,6 @@ func TestAccCloudflareAccessApplicationWithInvalidSessionDuration(t *testing.T) } func TestAccCloudflareAccessApplicationMisconfiguredCORSCredentialsAllowingAllOrigins(t *testing.T) { - // Temporarily unset CLOUDFLARE_API_TOKEN if it is set as the Access - // service does not yet support the API tokens and it results in - // misleading state error messages. - if os.Getenv("CLOUDFLARE_API_TOKEN") != "" { - defer func(apiToken string) { - os.Setenv("CLOUDFLARE_API_TOKEN", apiToken) - }(os.Getenv("CLOUDFLARE_API_TOKEN")) - os.Setenv("CLOUDFLARE_API_TOKEN", "") - } - rnd := generateRandomResourceName() zone := os.Getenv("CLOUDFLARE_DOMAIN") zoneID := os.Getenv("CLOUDFLARE_ZONE_ID") @@ -713,16 +675,6 @@ func TestAccCloudflareAccessApplicationMisconfiguredCORSCredentialsAllowingAllOr } func TestAccCloudflareAccessApplicationMisconfiguredCORSCredentialsAllowingWildcardOrigins(t *testing.T) { - // Temporarily unset CLOUDFLARE_API_TOKEN if it is set as the Access - // service does not yet support the API tokens and it results in - // misleading state error messages. - if os.Getenv("CLOUDFLARE_API_TOKEN") != "" { - defer func(apiToken string) { - os.Setenv("CLOUDFLARE_API_TOKEN", apiToken) - }(os.Getenv("CLOUDFLARE_API_TOKEN")) - os.Setenv("CLOUDFLARE_API_TOKEN", "") - } - rnd := generateRandomResourceName() zone := os.Getenv("CLOUDFLARE_DOMAIN") zoneID := os.Getenv("CLOUDFLARE_ZONE_ID") From bbd1a9838d2a95686d5fceb33ae958e77ca97b37 Mon Sep 17 00:00:00 2001 From: Jacob Bednarz Date: Wed, 25 May 2022 14:58:29 +1000 Subject: [PATCH 7/7] update tests --- .../provider/resource_cloudflare_access_application_test.go | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/internal/provider/resource_cloudflare_access_application_test.go b/internal/provider/resource_cloudflare_access_application_test.go index b5135bfcaf..7845a8e602 100644 --- a/internal/provider/resource_cloudflare_access_application_test.go +++ b/internal/provider/resource_cloudflare_access_application_test.go @@ -243,8 +243,8 @@ func TestAccCloudflareAccessApplication_WithHTTPOnlyCookieAttributeSetToFalse(t PreCheck: func() { testAccessAccPreCheck(t) }, - Providers: testAccProviders, - CheckDestroy: testAccCheckCloudflareAccessApplicationDestroy, + ProviderFactories: providerFactories, + CheckDestroy: testAccCheckCloudflareAccessApplicationDestroy, Steps: []resource.TestStep{ { Config: testAccCloudflareAccessApplicationConfigWithHTTPOnlyCookieAttributeSetToFalse(rnd, zoneID, domain),