https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=25360
Nick Clemens changed:
What|Removed |Added
See Also||https://bugs.koha-community
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=25360
Jonathan Druart changed:
What|Removed |Added
Version(s)|19.05.14, 19.11.09 |20.11.00, 20.05.03,
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=25360
Jonathan Druart changed:
What|Removed |Added
Keywords|RM_priority |
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=25360
Lucas Gass changed:
What|Removed |Added
Product|Koha security |Koha
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=25360
Jonathan Druart changed:
What|Removed |Added
CC|
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=25360
David Cook changed:
What|Removed |Added
Assignee|koha-b...@lists.koha-commun |dc...@prosentient.com.au
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=25360
--- Comment #4 from David Cook ---
(In reply to David Cook from comment #2)
> Actually, it looks like Bug 21267 adds support for X-Forwarded-Proto for
> Plack-enabled Koha.
>
> I think for now I'll write this patch using
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=25360
--- Comment #3 from David Cook ---
Created attachment 104244
-->
https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=104244=edit
Bug 25360: Use secure flag for CGISESSID cookie when using HTTPS
This patch adds the secure
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=25360
David Cook changed:
What|Removed |Added
Status|NEW |Needs Signoff
Patch
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=25360
--- Comment #2 from David Cook ---
Actually, it looks like Bug 21267 adds support for X-Forwarded-Proto for
Plack-enabled Koha.
I think for now I'll write this patch using $ENV->{HTTPS}, which will only work
for Plack-enabled
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=25360
--- Comment #1 from David Cook ---
I'm debating with myself how best to implement it.
On one hand, requiring a cookie to be sent over HTTPS could make legitimate
automated testing harder/impossible, and not everyone necessarily