revi-archive/phorge-phorge
1
0
Fork 0
mirror of https://we.phorge.it/source/phorge.git synced 2024-11-22 14:52:41 +01:00
Code Issues Releases Wiki Activity

Fix issue where accessing HTTP domain would override HTTPS cookie

Browse source 
Summary: This fixes an issue where visiting http://code.redpointsoftware.com.au/ would log you out of https://code.redpointsoftware.com.au/

Test Plan: Applied this patch to a live server and saw the issue go away.

Reviewers: epriestley, #blessed_reviewers

Reviewed By: epriestley

CC: Korvin, epriestley, aran

Differential Revision: https://secure.phabricator.com/D8244
This commit is contained in:
James Rhodes 2014-02-15 12:20:46 +11:00
parent 34fae7e3d1
commit 569a5be561
1 changed files with 5 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
src/aphront/AphrontRequest.php
View file

@ -305,6 +305,11 @@ final class AphrontRequest {
* @task cookie
*/
private function getCookieDomainURI() {
if (PhabricatorEnv::getEnvConfig('security.require-https') &&
!$this->isHTTPS()) {
return null;
}
$host = $this->getHost();
// If there's no base domain configured, just use whatever the request