mirror of
https://we.phorge.it/source/phorge.git
synced 2024-11-26 16:52:41 +01:00
Fix issue where accessing HTTP domain would override HTTPS cookie
Summary: This fixes an issue where visiting http://code.redpointsoftware.com.au/ would log you out of https://code.redpointsoftware.com.au/ Test Plan: Applied this patch to a live server and saw the issue go away. Reviewers: epriestley, #blessed_reviewers Reviewed By: epriestley CC: Korvin, epriestley, aran Differential Revision: https://secure.phabricator.com/D8244
This commit is contained in:
parent
34fae7e3d1
commit
569a5be561
1 changed files with 5 additions and 0 deletions
|
@ -305,6 +305,11 @@ final class AphrontRequest {
|
||||||
* @task cookie
|
* @task cookie
|
||||||
*/
|
*/
|
||||||
private function getCookieDomainURI() {
|
private function getCookieDomainURI() {
|
||||||
|
if (PhabricatorEnv::getEnvConfig('security.require-https') &&
|
||||||
|
!$this->isHTTPS()) {
|
||||||
|
return null;
|
||||||
|
}
|
||||||
|
|
||||||
$host = $this->getHost();
|
$host = $this->getHost();
|
||||||
|
|
||||||
// If there's no base domain configured, just use whatever the request
|
// If there's no base domain configured, just use whatever the request
|
||||||
|
|
Loading…
Reference in a new issue