Univention Bugzilla – Attachment 10759 Details for
Bug 51242
Set cookie security flag if connection via https
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
patch
51242.patch (text/plain), 2.08 KB, created by
Florian Best
on 2021-06-24 14:48:36 CEST
(
hide
)
Description:
patch
Filename:
MIME Type:
Creator:
Florian Best
Created:
2021-06-24 14:48:36 CEST
Size:
2.08 KB
patch
obsolete
>diff --git management/univention-management-console/debian/univention-management-console-web-server.univention-config-registry-variables management/univention-management-console/debian/univention-management-console-web-server.univention-config-registry-variables >index fd18755026..7de8abff44 100644 >--- management/univention-management-console/debian/univention-management-console-web-server.univention-config-registry-variables >+++ management/univention-management-console/debian/univention-management-console-web-server.univention-config-registry-variables >@@ -23,6 +23,13 @@ Type=bool > Categories=management-umc > Default=false > >+[umc/http/enforce-secure-cookie] >+Description[de]=Wenn gesetzt, werden Cookies mit dem Secure-Attribut gesetzt, wenn die Verbindung über HTTPS erfolgt. >+Description[en]=If set, cookies are set with the secure attribute if the connection is using HTTPS. >+Type=bool >+Categories=management-umc >+Default=false >+ > [umc/http/session/timeout] > Description[de]=Nach diesem Zeitraum in Sekunden wird die Browser-Sitzung automatisch geschlossen und eine Neuanmeldung ist notwendig. Ist die Variable nicht gesetzt, gilt 300, also fünf Minuten. > Description[en]=After this time period in seconds the browser session is automatically closed and a renewed login is required. If the variable is unset, 300 applies (i.e. five minutes). >diff --git management/univention-management-console/univention-management-console-web-server management/univention-management-console/univention-management-console-web-server >index 248be4c28a..adb72b5a1e 100755 >--- management/univention-management-console/univention-management-console-web-server >+++ management/univention-management-console/univention-management-console-web-server >@@ -720,6 +720,8 @@ class Ressource(object): > cookie[name]['expires'] = expires.strftime("%a, %d-%b-%Y %H:%M:%S GMT") > cookie[name]['version'] = 1 > cookie[name]['path'] = '/univention/' >+ if cherrypy.request.scheme == 'https' and ucr.is_true('umc/http/enforce-secure-cookie'): >+ cookie[name]['secure'] = True > > def get_cookie(self, name): > cookie = cherrypy.request.cookie.get
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=10759">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 51242
:
10758
| 10759