mahara-contributors team mailing list archive
-
mahara-contributors team
-
Mailing list archive
-
Message #07325
[Bug 843573] Re: Enable secure cookies if wwwroot is set to HTTPS
** Summary changed:
- Enable secure cookies is wwwroot is set to HTTPS
+ Enable secure cookies if wwwroot is set to HTTPS
--
You received this bug notification because you are a member of Mahara
Contributors, which is subscribed to Mahara.
https://bugs.launchpad.net/bugs/843573
Title:
Enable secure cookies if wwwroot is set to HTTPS
Status in Mahara ePortfolio:
Fix Committed
Bug description:
To further increase our protection against https-to-http downgrades,
we should only set Secure Cookies (the ones that browsers will only
send over HTTPS) when the wwwroot points to https or when a ssl proxy
is enabled.
To manage notifications about this bug go to:
https://bugs.launchpad.net/mahara/+bug/843573/+subscriptions
References