mirror of https://we.phorge.it/source/phorge.git synced 2024-11-27 09:12:41 +01:00
phorge-phorge/src/aphront
epriestley 11786fb1cc Don't try to set anonymous session cookie on CDN/file domain
Summary:
Ref T2380. If an install has a CDN domain configured, but does not list it as an alternate domain (which is standard/correct, but not incredibly common, see T2380), we'll currently try to set anonymous cookies on it. These will correctly fail security rules.

Instead, don't try to set these cookies.

I missed this in testing yesterday because I have a file domain, but I also have it configured as an alternate domain, which allows cookies to be set. Generally, domain management is due for some refactoring.

Test Plan: Set file domain but not as an alternate, logged out, nuked file domain cookies, reloaded page. No error after patch.

Reviewers: btrahan, csilvers

Reviewed By: btrahan

CC: aran

Maniphest Tasks: T2380

Differential Revision: https://secure.phabricator.com/D8057
2014-01-24 12:29:03 -08:00
..
__tests__ Fix an issue where PHP puts the content type in CONTENT_TYPE instead of HTTP_CONTENT_TYPE 2013-11-11 12:17:34 -08:00
configuration Aphront - Adding cookie-prefix, as config option, and into cookie methods 2014-01-17 08:08:40 -08:00
console Consolidate use of magical cookie name strings 2014-01-23 14:01:35 -08:00
exception Remove AphrontRedirectException 2013-10-07 13:29:05 -07:00
response When stopping on redirect, show a full stack trace 2013-11-21 14:38:29 -08:00
sink Accept and route VCS HTTP requests 2013-10-29 15:32:40 -07:00
AphrontController.php Allow CelerityResourceResponse to hold resources from multiple maps 2014-01-02 11:59:35 -08:00
AphrontRequest.php Don't try to set anonymous session cookie on CDN/file domain 2014-01-24 12:29:03 -08:00
AphrontURIMapper.php Delete license headers from files 2012-11-05 11:16:51 -08:00