From: Simon Green Date: Thu, 15 Sep 2016 08:49:50 +0000 (+1000) Subject: Bug 399066 - Remove the 'cookiedomain' parameter X-Git-Tag: release-5.1.2~64 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=c67b3b303adba379f3625aa88a61d5fb49bd319d;p=thirdparty%2Fbugzilla.git Bug 399066 - Remove the 'cookiedomain' parameter --- diff --git a/Bugzilla/CGI.pm b/Bugzilla/CGI.pm index d43a68f93c..de4bd23d31 100644 --- a/Bugzilla/CGI.pm +++ b/Bugzilla/CGI.pm @@ -451,8 +451,7 @@ sub send_cookie { # Add the default path and the domain in. my $uri = URI->new(Bugzilla->params->{urlbase}); $paramhash{'-path'} = $uri->path; - $paramhash{'-domain'} = Bugzilla->params->{'cookiedomain'} - if Bugzilla->params->{'cookiedomain'}; + $paramhash{'-domain'} = $uri->host if $uri->host; push(@{$self->{'Bugzilla_cookie_list'}}, $self->cookie(%paramhash)); } diff --git a/Bugzilla/Config/Advanced.pm b/Bugzilla/Config/Advanced.pm index b3968a2546..7a61bf7c47 100644 --- a/Bugzilla/Config/Advanced.pm +++ b/Bugzilla/Config/Advanced.pm @@ -16,12 +16,6 @@ use Bugzilla::Config::Common; our $sortkey = 1700; use constant get_param_list => ( - { - name => 'cookiedomain', - type => 't', - default => '' - }, - { name => 'inbound_proxies', type => 't', diff --git a/docs/en/rst/administering/parameters.rst b/docs/en/rst/administering/parameters.rst index 5835d654f0..3b4b42983e 100644 --- a/docs/en/rst/administering/parameters.rst +++ b/docs/en/rst/administering/parameters.rst @@ -239,10 +239,6 @@ attachment_base :param:`urlbase` or :param:`sslbase`. That is, a different domain name that resolves to this exact same Bugzilla installation. - Note that if you have set the :param:`cookiedomain` parameter, you should - set :param:`attachment_base` to use a domain that would not be matched by - :param:`cookiedomain`. - For added security, you can insert ``%bugid%`` into the URL, which will be replaced with the ID of the current bug that the attachment is on, when you access an attachment. This will limit attachments to accessing only other @@ -825,15 +821,6 @@ confirmuniqueusermatch Advanced ======== -cookiedomain - Defines the domain for Bugzilla cookies. This is typically left blank. - If there are multiple hostnames that point to the same webserver, which - require the same cookie, then this parameter can be utilized. For - example, If your website is at - ``https://bugzilla.example.com/``, setting this to - :paramval:`.example.com/` will also allow - ``attachments.example.com/`` to access Bugzilla cookies. - inbound_proxies When inbound traffic to Bugzilla goes through a proxy, Bugzilla thinks that the IP address of the proxy is the IP address of every single user. If you diff --git a/template/en/default/admin/params/advanced.html.tmpl b/template/en/default/admin/params/advanced.html.tmpl index 1aedc9f9b0..70171bd539 100644 --- a/template/en/default/admin/params/advanced.html.tmpl +++ b/template/en/default/admin/params/advanced.html.tmpl @@ -41,13 +41,6 @@ [% END %] [% param_descs = { - cookiedomain => - "If your website is at 'www.foo.com', setting this to" - _ " '.foo.com' will also allow 'bar.foo.com' to access" - _ " Bugzilla cookies. This is useful if you have more than" - _ " one hostname pointing at the same web server, and you" - _ " want them to share the Bugzilla cookie.", - inbound_proxies => "When inbound traffic to Bugzilla goes through a proxy," _ " Bugzilla thinks that the IP address of every single" diff --git a/template/en/default/admin/params/attachment.html.tmpl b/template/en/default/admin/params/attachment.html.tmpl index c850802ab9..1e65f0ca4c 100644 --- a/template/en/default/admin/params/attachment.html.tmpl +++ b/template/en/default/admin/params/attachment.html.tmpl @@ -31,11 +31,6 @@ _ " that is not the same as urlbase or sslbase." _ " That is, a different domain name that resolves to this exact" _ " same Bugzilla installation.

" - _ "

Note that if you have set the" - _ " cookiedomain" - _" parameter, you should set attachment_base to use a" - _ " domain that would not be matched by" - _ " cookiedomain.

" _ "

For added security, you can insert %bugid% into the URL," _ " which will be replaced with the ID of the current $terms.bug that" _ " the attachment is on, when you access an attachment. This will limit"