← Back to team overview

mahara-contributors team mailing list archive

[Bug 843573] Re: Enable secure cookies if wwwroot is set to HTTPS

 

** Summary changed:

- Enable secure cookies is wwwroot is set to HTTPS
+ Enable secure cookies if wwwroot is set to HTTPS

-- 
You received this bug notification because you are a member of Mahara
Contributors, which is subscribed to Mahara.
https://bugs.launchpad.net/bugs/843573

Title:
  Enable secure cookies if wwwroot is set to HTTPS

Status in Mahara ePortfolio:
  Fix Committed

Bug description:
  To further increase our protection against https-to-http downgrades,
  we should only set Secure Cookies (the ones that browsers will only
  send over HTTPS) when the wwwroot points to https or when a ssl proxy
  is enabled.

To manage notifications about this bug go to:
https://bugs.launchpad.net/mahara/+bug/843573/+subscriptions


References