mirror of
https://we.phorge.it/source/phorge.git
synced 2024-12-22 21:40:55 +01:00
Fix issue where accessing HTTP domain would override HTTPS cookie
Summary: This fixes an issue where visiting http://code.redpointsoftware.com.au/ would log you out of https://code.redpointsoftware.com.au/ Test Plan: Applied this patch to a live server and saw the issue go away. Reviewers: epriestley, #blessed_reviewers Reviewed By: epriestley CC: Korvin, epriestley, aran Differential Revision: https://secure.phabricator.com/D8244
This commit is contained in:
parent
34fae7e3d1
commit
569a5be561
1 changed files with 5 additions and 0 deletions
|
@ -305,6 +305,11 @@ final class AphrontRequest {
|
|||
* @task cookie
|
||||
*/
|
||||
private function getCookieDomainURI() {
|
||||
if (PhabricatorEnv::getEnvConfig('security.require-https') &&
|
||||
!$this->isHTTPS()) {
|
||||
return null;
|
||||
}
|
||||
|
||||
$host = $this->getHost();
|
||||
|
||||
// If there's no base domain configured, just use whatever the request
|
||||
|
|
Loading…
Reference in a new issue