mirror of https://we.phorge.it/source/phorge.git synced 2024-11-26 16:52:41 +01:00

Fix issue where accessing HTTP domain would override HTTPS cookie

Summary: This fixes an issue where visiting http://code.redpointsoftware.com.au/ would log you out of https://code.redpointsoftware.com.au/

Test Plan: Applied this patch to a live server and saw the issue go away.

Reviewers: epriestley, #blessed_reviewers

Reviewed By: epriestley

CC: Korvin, epriestley, aran

Differential Revision: https://secure.phabricator.com/D8244
James Rhodes 2014-02-15 12:20:46 +11:00
parent 34fae7e3d1
commit 569a5be561


@ -305,6 +305,11 @@ final class AphrontRequest {
* @task cookie * @task cookie
*/ */
private function getCookieDomainURI() { private function getCookieDomainURI() {
if (PhabricatorEnv::getEnvConfig('security.require-https') &&
!$this->isHTTPS()) {
return null;
}
$host = $this->getHost(); $host = $this->getHost();
// If there's no base domain configured, just use whatever the request // If there's no base domain configured, just use whatever the request
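
Review bot: the new early `return null;` at the top of getCookieDomainURI() is uncommented and gives the method a null result that callers now have to handle. Add a one-line comment above the `if` saying that a plain-HTTP request gets no cookie domain when `security.require-https` is set, so it cannot overwrite the cookie of the HTTPS site, and confirm that each caller of this private method checks for null before using the returned URI. Note also that the guard is conditional on `security.require-https`: when that option is off the condition is false and the method behaves exactly as before, so it is worth stating in the summary that the fix applies only to installs with that setting enabled.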