forgejo

History

wxiaoguang 8f6d442a04 Use secure cookie for HTTPS sites (#26999 ) (#27013 ) Backport #26999 If the AppURL(ROOT_URL) is an HTTPS URL, then the COOKIE_SECURE's default value should be true. And, if a user visits an "http" site with "https" AppURL, they won't be able to login, and they should have been warned. The only problem is that the "language" can't be set either in such case, while I think it is not a serious problem, and it could be fixed easily if needed. (cherry picked from commit b0a405c5fad2055976747a1c8b2c48dfe2750c9f)	2023-09-20 12:50:46 +02:00
..
app.example.ini	Use secure cookie for HTTPS sites (#26999 ) (#27013 )	2023-09-20 12:50:46 +02:00

Use secure cookie for HTTPS sites (#26999 ) (#27013 )

Backport #26999

If the AppURL(ROOT_URL) is an HTTPS URL, then the COOKIE_SECURE's
default value should be true.

And, if a user visits an "http" site with "https" AppURL, they won't be
able to login, and they should have been warned. The only problem is
that the "language" can't be set either in such case, while I think it
is not a serious problem, and it could be fixed easily if needed.

(cherry picked from commit b0a405c5fad2055976747a1c8b2c48dfe2750c9f)

2023-09-20 12:50:46 +02:00

app.example.ini

Use secure cookie for HTTPS sites (#26999 ) (#27013 )

2023-09-20 12:50:46 +02:00