Bug 1342795 - When urlbase is https, force the secure flag to be set on cookies.

author Dylan William Hardison <dylan@hardison.net>

Mon, 6 Mar 2017 00:50:01 +0000 (19:50 -0500)

committer Dylan William Hardison <dylan@hardison.net>

Sun, 26 Mar 2017 02:00:07 +0000 (19:00 -0700)
author Dylan William Hardison <dylan@hardison.net>
Mon, 6 Mar 2017 00:50:01 +0000 (19:50 -0500)
committer Dylan William Hardison <dylan@hardison.net>
Sun, 26 Mar 2017 02:00:07 +0000 (19:00 -0700)
diff --git a/Bugzilla/CGI.pm b/Bugzilla/CGI.pm

index 14a9a5720fa46691a7a3741b65184783bbbb91e6..edfc7ba70f63dff4edcbb147720e72018c2acdab 100644 (file)
--- a/Bugzilla/CGI.pm
+++ b/Bugzilla/CGI.pm
@@ -332,7 +332,10 @@ sub header {
          && !$self->cookie('Bugzilla_login_request_cookie'))
      {
          my %args;
-        $args{'-secure'} = 1 if Bugzilla->params->{ssl_redirect};
+        my $params = Bugzilla->params;
+        if ($params->{ssl_redirect} || $params->{urlbase} =~ /^https/i) {
+            $args{'-secure'} = 1;
+        }
  
          $self->send_cookie(-name => 'Bugzilla_login_request_cookie',
                             -value => generate_random_password(),
diff --git a/Bugzilla/Util.pm b/Bugzilla/Util.pm

index d2be18431b65b1807e7bfd987ec86d6050a988e4..fcd4aff918de539f0e75b00d9aaecba4768aa1cc 100644 (file)
--- a/Bugzilla/Util.pm
+++ b/Bugzilla/Util.pm
@@ -272,6 +272,7 @@ sub i_am_webservice {
  # (doing so can mess up XML-RPC).
  sub do_ssl_redirect_if_required {
      return if !i_am_cgi();
+    return if Bugzilla->params->{urlbase} =~ /^https/i;
      return if !Bugzilla->params->{'ssl_redirect'};
      return if !Bugzilla->params->{'sslbase'};
author	Dylan William Hardison <dylan@hardison.net>
	Mon, 6 Mar 2017 00:50:01 +0000 (19:50 -0500)
committer	Dylan William Hardison <dylan@hardison.net>
	Sun, 26 Mar 2017 02:00:07 +0000 (19:00 -0700)
Bugzilla/CGI.pm		patch \| blob \| blame \| history
Bugzilla/Util.pm		patch \| blob \| blame \| history