Enable secure cookies if wwwroot is set to HTTPS
Bug #843573 reported by
François Marier
This bug affects 1 person
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| Mahara |
Fix Released
|
Medium
|
François Marier | ||
Bug Description
To further increase our protection against https-to-http downgrades, we should only set Secure Cookies (the ones that browsers will only send over HTTPS) when the wwwroot points to https or when a ssl proxy is enabled.
| Changed in mahara: | |
| milestone: | none → 1.5.0 |
| importance: | Undecided → Medium |
| status: | New → Triaged |
| Changed in mahara: | |
| assignee: | nobody → François Marier (fmarier) |
Revision history for this message
| François Marier (fmarier) wrote | #1 |
| Changed in mahara: | |
| status: | Triaged → In Progress |
Revision history for this message
| Mahara Bot (dev-mahara) wrote A change has been merged | #2 |
| Changed in mahara: | |
| status: | In Progress → Fix Committed |
| summary: |
- Enable secure cookies is wwwroot is set to HTTPS + Enable secure cookies if wwwroot is set to HTTPS |
| Changed in mahara: | |
| status: | Fix Committed → Fix Released |
To post a comment you must log in.
https:/