mahara-contributors team mailing list archive

[François Marier <francois@xxxxxxxxxx>]

Public bug reported:

To further increase our protection against https-to-http downgrades, we
should only set Secure Cookies (the ones that browsers will only send
over HTTPS) when the wwwroot points to https or when a ssl proxy is
enabled.

** Affects: mahara
     Importance: Medium
         Status: Triaged


** Tags: cookies https security

** Changed in: mahara
    Milestone: None => 1.5.0

** Changed in: mahara
   Importance: Undecided => Medium

** Changed in: mahara
       Status: New => Triaged

-- 
You received this bug notification because you are a member of Mahara
Contributors, which is subscribed to Mahara.
https://bugs.launchpad.net/bugs/843573

Title:
  Enable secure cookies is wwwroot is set to HTTPS

Status in Mahara ePortfolio:
  Triaged

Bug description:
  To further increase our protection against https-to-http downgrades,
  we should only set Secure Cookies (the ones that browsers will only
  send over HTTPS) when the wwwroot points to https or when a ssl proxy
  is enabled.

To manage notifications about this bug go to:
https://bugs.launchpad.net/mahara/+bug/843573/+subscriptions