------------------------------------------------------------
revno: 1294
committer: Mark Sapiro <msap...@value.net>
branch nick: 2.1
timestamp: Mon 2011-04-25 15:18:56 -0700
message:
  Mailman now sets the 'secure' flag in cookies set via https URLs.
  Bug #770377.
modified:
  Mailman/SecurityManager.py
  NEWS


--
lp:mailman/2.1
https://code.launchpad.net/~mailman-coders/mailman/2.1

=== modified file 'Mailman/SecurityManager.py'
--- Mailman/SecurityManager.py	2009-09-03 18:12:06 +0000
+++ Mailman/SecurityManager.py	2011-04-25 22:18:56 +0000
@@ -245,8 +245,13 @@
         c[key] = binascii.hexlify(marshal.dumps((issued, mac)))
         # The path to all Mailman stuff, minus the scheme and host,
         # i.e. usually the string `/mailman'
-        path = urlparse(self.web_page_url)[2]
+        parsed = urlparse(self.web_page_url)
+        path = parsed.path
         c[key]['path'] = path
+        # Make sure to set the 'secure' flag on the cookie if mailman is
+        # accessed by an https url.
+        if parsed.scheme == 'https':
+            c[key]['secure'] = True
         # We use session cookies, so don't set `expires' or `max-age' keys.
         # Set the RFC 2109 required header.
         c[key]['version'] = 1
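Review bot: The 'secure' flag is decided by `parsed.scheme` of the configured `self.web_page_url`, not by the scheme of the request that is setting the cookie, so the new comment ("if mailman is accessed by an https url") overstates what the check does. A list whose web_page_url is still http:// but which is reached over https gets a cookie without the flag, and that cookie can then travel over plain http; in the opposite case a flagged cookie set over http is not sent back and the login does not stick. Either test the request scheme as well, or reword the comment to say the decision follows web_page_url. Separately, `parsed.path` and `parsed.scheme` rely on urlparse returning a result with named attributes (Python 2.5 and later), whereas the removed line used the index `[2]`; if older interpreters are still supported, `parsed[0]` and `parsed[2]` keep the previous compatibility.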

=== modified file 'NEWS'
--- NEWS	2011-04-24 00:49:15 +0000
+++ NEWS	2011-04-25 22:18:56 +0000
@@ -38,6 +38,9 @@
 
   Bug Fixes and other patches
 
+    - Mailman now sets the 'secure' flag in cookies set via https URLs.
+      Bug #770377.
+
     - Added a logout link to the admindb interface and made both admin and
       admindb logout effective for a site admin cookie if allowed.
       Bug #769318.
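Review bot: The new NEWS entry says "cookies set via https URLs", but the check in the SecurityManager.py hunk is on the scheme of the list's `web_page_url`, and the entry should state that condition. An admin who serves Mailman over https with lists still configured with an http web_page_url would otherwise assume those lists' cookies are flagged when they are not.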

_______________________________________________
Mailman-checkins mailing list
Mailman-checkins@python.org