Public bug reported:
To further increase our protection against https-to-http downgrades, we
should only set Secure Cookies (the ones that browsers will only send
over HTTPS) when the wwwroot points to https or when a ssl proxy is
enabled.
** Affects: mahara
Importance: Medium
Status: Triaged
** Tags: cookies https security
** Changed in: mahara
Milestone: None => 1.5.0
** Changed in: mahara
Importance: Undecided => Medium
** Changed in: mahara
Status: New => Triaged
--
You received this bug notification because you are a member of Mahara
Core, which is subscribed to Mahara.
https://bugs.launchpad.net/bugs/843573
Title:
Enable secure cookies is wwwroot is set to HTTPS
Status in Mahara ePortfolio:
Triaged
Bug description:
To further increase our protection against https-to-http downgrades,
we should only set Secure Cookies (the ones that browsers will only
send over HTTPS) when the wwwroot points to https or when a ssl proxy
is enabled.
To manage notifications about this bug go to:
https://bugs.launchpad.net/mahara/+bug/843573/+subscriptions
_______________________________________________
Mailing list: https://launchpad.net/~mahara-core
Post to : [email protected]
Unsubscribe : https://launchpad.net/~mahara-core
More help : https://help.launchpad.net/ListHelp
