# Add the default path and the domain in.
my $uri = URI->new(Bugzilla->params->{urlbase});
$paramhash{'-path'} = $uri->path;
- $paramhash{'-domain'} = Bugzilla->params->{'cookiedomain'}
- if Bugzilla->params->{'cookiedomain'};
+ $paramhash{'-domain'} = $uri->host if $uri->host;
push(@{$self->{'Bugzilla_cookie_list'}}, $self->cookie(%paramhash));
}
our $sortkey = 1700;
use constant get_param_list => (
- {
- name => 'cookiedomain',
- type => 't',
- default => ''
- },
-
{
name => 'inbound_proxies',
type => 't',
:param:`urlbase` or :param:`sslbase`. That is, a different domain name that
resolves to this exact same Bugzilla installation.
- Note that if you have set the :param:`cookiedomain` parameter, you should
- set :param:`attachment_base` to use a domain that would not be matched by
- :param:`cookiedomain`.
-
For added security, you can insert ``%bugid%`` into the URL, which will be
replaced with the ID of the current bug that the attachment is on, when you
access an attachment. This will limit attachments to accessing only other
Advanced
========
-cookiedomain
- Defines the domain for Bugzilla cookies. This is typically left blank.
- If there are multiple hostnames that point to the same webserver, which
- require the same cookie, then this parameter can be utilized. For
- example, If your website is at
- ``https://bugzilla.example.com/``, setting this to
- :paramval:`.example.com/` will also allow
- ``attachments.example.com/`` to access Bugzilla cookies.
-
inbound_proxies
When inbound traffic to Bugzilla goes through a proxy, Bugzilla thinks that
the IP address of the proxy is the IP address of every single user. If you
[% END %]
[% param_descs = {
- cookiedomain =>
- "If your website is at 'www.foo.com', setting this to"
- _ " '.foo.com' will also allow 'bar.foo.com' to access"
- _ " Bugzilla cookies. This is useful if you have more than"
- _ " one hostname pointing at the same web server, and you"
- _ " want them to share the Bugzilla cookie.",
-
inbound_proxies =>
"When inbound traffic to Bugzilla goes through a proxy,"
_ " Bugzilla thinks that the IP address of every single"
_ " that is not the same as <var>urlbase</var> or <var>sslbase</var>."
_ " That is, a different domain name that resolves to this exact"
_ " same Bugzilla installation.</p>"
- _ "<p>Note that if you have set the"
- _ " <a href=\"editparams.cgi?section=advanced#cookiedomain_desc\"><var>cookiedomain</var>"
- _" parameter</a>, you should set <var>attachment_base</var> to use a"
- _ " domain that would <em>not</em> be matched by"
- _ " <var>cookiedomain</var>.</p>"
_ "<p>For added security, you can insert <var>%bugid%</var> into the URL,"
_ " which will be replaced with the ID of the current $terms.bug that"
_ " the attachment is on, when you access an attachment. This will limit"
projects / thirdparty / bugzilla.git / commitdiff
