Attachment 10759 Details for Bug 51242

[patch] patch

51242.patch (text/plain), 2.08 KB, created by Florian Best on 2021-06-24 14:48 CEST

(hide)

Description:

Filename:

MIME Type:

Creator: Florian Best

Created: 2021-06-24 14:48 CEST

Size: 2.08 KB

patch

obsolete

>diff --git management/univention-management-console/debian/univention-management-console-web-server.univention-config-registry-variables management/univention-management-console/debian/univention-management-console-web-server.univention-config-registry-variables
>index fd18755026..7de8abff44 100644
>--- management/univention-management-console/debian/univention-management-console-web-server.univention-config-registry-variables
>+++ management/univention-management-console/debian/univention-management-console-web-server.univention-config-registry-variables
>@@ -23,6 +23,13 @@ Type=bool
> Categories=management-umc
> Default=false
> 
>+[umc/http/enforce-secure-cookie]
>+Description[de]=Wenn gesetzt, werden Cookies mit dem Secure-Attribut gesetzt, wenn die Verbindung Ã¼ber HTTPS erfolgt.
>+Description[en]=If set, cookies are set with the secure attribute if the connection is using HTTPS.
>+Type=bool
>+Categories=management-umc
>+Default=false
>+
> [umc/http/session/timeout]
> Description[de]=Nach diesem Zeitraum in Sekunden wird die Browser-Sitzung automatisch geschlossen und eine Neuanmeldung ist notwendig. Ist die Variable nicht gesetzt, gilt 300, also fÃ¼nf Minuten.
> Description[en]=After this time period in seconds the browser session is automatically closed and a renewed login is required. If the variable is unset, 300 applies (i.e. five minutes).
>diff --git management/univention-management-console/univention-management-console-web-server management/univention-management-console/univention-management-console-web-server
>index 248be4c28a..adb72b5a1e 100755
>--- management/univention-management-console/univention-management-console-web-server
>+++ management/univention-management-console/univention-management-console-web-server
>@@ -720,6 +720,8 @@ class Ressource(object):
> 				cookie[name]['expires'] = expires.strftime("%a, %d-%b-%Y %H:%M:%S GMT")
> 			cookie[name]['version'] = 1
> 			cookie[name]['path'] = '/univention/'
>+			if cherrypy.request.scheme == 'https' and ucr.is_true('umc/http/enforce-secure-cookie'):
>+				cookie[name]['secure'] = True
> 
> 	def get_cookie(self, name):
> 		cookie = cherrypy.request.cookie.get

Actions: View | Diff

Attachments on bug 51242: 10758 | 10759