New issue 251: Secure flag not set on cookie.
https://bitbucket.org/conservancy/kallithea/issues/251/secure-flag-not-set-on-cookie

Chris Wesseling:

I'm running 0.3.2 with Apache in front of it to provide TLS.
I set these headers on the request to make clear to Kallithea that it is being 
accessed securely:

        RequestHeader set X-FORWARDED-PROTOCOL https
        RequestHeader set X-FORWARDED-SSL on
        RequestHeader set X-URL-SCHEME https

And I even tried the advised (even though I don't understand how setting 
something in the Apache env can have consequences on a backend that is only 
communicated with through HTTP):

        SetEnvIf X-Url-Scheme https HTTPS=1

But the kallithea-cookie doesn't have the secure flag set (just the httponly 
flag):

        Set-Cookie:kallithea=bf7e93[...cut...]db8ce7d9; httponly; Path=/

Is there something in the kallithea config that I should set?
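
Added example, not part of the original report and not Kallithea code: a small check that reads raw response headers and lists which of the Secure and HttpOnly flags each cookie lacks, which makes the symptom above repeatable after every proxy or application config change. The function names and the sample headers are constructed for illustration.

```python
# Added example: audit Set-Cookie response headers for Secure and HttpOnly.

REQUIRED_FLAGS = ("secure", "httponly")


def parse_set_cookie(header_line):
    """Return (cookie_name, attrs) for one Set-Cookie header line, else None."""
    name, sep, value = header_line.partition(":")
    # Header names are case-insensitive and may have no space after the colon.
    if not sep or name.strip().lower() != "set-cookie":
        return None
    parts = [p.strip() for p in value.split(";")]
    cookie_name = parts[0].partition("=")[0].strip()
    attrs = {}
    for part in parts[1:]:
        if not part:
            continue
        # Attributes are case-insensitive; flags such as Secure carry no value.
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return cookie_name, attrs


def missing_flags(raw_headers):
    """Map each cookie name to the list of required flags it lacks."""
    findings = {}
    for line in raw_headers.splitlines():
        parsed = parse_set_cookie(line)
        if parsed is None:
            continue
        cookie_name, attrs = parsed
        findings[cookie_name] = [f for f in REQUIRED_FLAGS if f not in attrs]
    return findings


# Constructed sample response headers; cookie values are placeholders.
SAMPLE = """HTTP/1.1 200 OK
Content-Type: text/html
Set-Cookie:kallithea=PLACEHOLDER; httponly; Path=/
set-cookie: other=PLACEHOLDER; Path=/; Secure; HttpOnly
"""

if __name__ == "__main__":
    for cookie, missing in missing_flags(SAMPLE).items():
        print(cookie, "missing:", ", ".join(missing) or "none")
```

Run it against the headers returned on the TLS side of the proxy (for example the output of `curl -sI` for the HTTPS URL), since that is what the browser receives.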

