mahara-contributors team mailing list archive

Thread
Date

[Bug 843573] A change has been merged

To: mahara-contributors@xxxxxxxxxxxxxxxxxxx
From: Mahara Bot <843573@xxxxxxxxxxxxxxxxxx>
Date: Fri, 11 Nov 2011 02:34:39 -0000
Reply-to: Bug 843573 <843573@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

Reviewed:  https://reviews.mahara.org/844
Committed: http://gitorious.org/mahara/mahara/commit/203e12e031ab8d117289a6a38f1df75052eab09d
Submitter: Hugh Davenport (hugh@xxxxxxxxxxxxxxx)
Branch:    master

commit 203e12e031ab8d117289a6a38f1df75052eab09d
Author: Francois Marier <francois@xxxxxxxxxxxxxxx>
Date:   Fri Nov 11 15:28:14 2011 +1300

    Use secure cookies when the site is served over HTTPS
    
    This prevents cookies from being stolen by tricking browsers into
    sending them unencrypted.
    
    Bug #843573
    
    Change-Id: I5dfe45e3721fc85ad2d289cea59c5ad1f4eae91b
    Signed-off-by: Francois Marier <francois@xxxxxxxxxxxxxxx>

-- 
You received this bug notification because you are a member of Mahara
Contributors, which is subscribed to Mahara.
https://bugs.launchpad.net/bugs/843573

Title:
  Enable secure cookies is wwwroot is set to HTTPS

Status in Mahara ePortfolio:
  Fix Committed

Bug description:
  To further increase our protection against https-to-http downgrades,
  we should only set Secure Cookies (the ones that browsers will only
  send over HTTPS) when the wwwroot points to https or when a ssl proxy
  is enabled.

To manage notifications about this bug go to:
https://bugs.launchpad.net/mahara/+bug/843573/+subscriptions

References

[Bug 843573] [NEW] Enable secure cookies is wwwroot is set to HTTPS
From: François Marier, 2011-09-07