Enable secure cookies if wwwroot is set to HTTPS
Bug #843573 reported by
François Marier
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Mahara |
Fix Released
|
Medium
|
François Marier |
Bug Description
To further increase our protection against https-to-http downgrades, we should only set Secure Cookies (the ones that browsers will only send over HTTPS) when the wwwroot points to https or when a ssl proxy is enabled.
Changed in mahara: | |
milestone: | none → 1.5.0 |
importance: | Undecided → Medium |
status: | New → Triaged |
Changed in mahara: | |
assignee: | nobody → François Marier (fmarier) |
Changed in mahara: | |
status: | In Progress → Fix Committed |
summary: |
- Enable secure cookies is wwwroot is set to HTTPS + Enable secure cookies if wwwroot is set to HTTPS |
Changed in mahara: | |
status: | Fix Committed → Fix Released |
To post a comment you must log in.
https:/ /reviews. mahara. org/844