authorDylan William Hardison <dylan@hardison.net>2017-03-06 01:50:01 +0100
committerDylan William Hardison <dylan@hardison.net>2017-03-26 04:00:07 +0200
commitdfb688869062b955488057144eaa99f5c91cea28 (patch)
treeebed3e26221db75d5a6c89b1a2e79376a6ac5f8c
parentb15cb6e72d47026150c91af9918706ceb5c77109 (diff)
downloadbugzilla-dfb688869062b955488057144eaa99f5c91cea28.tar.gz
bugzilla-dfb688869062b955488057144eaa99f5c91cea28.tar.xz
Bug 1342795 - When urlbase is https, force the secure flag to be set on cookies.
-rw-r--r--Bugzilla/CGI.pm5
-rw-r--r--Bugzilla/Util.pm1
2 files changed, 5 insertions, 1 deletions
diff --git a/Bugzilla/CGI.pm b/Bugzilla/CGI.pm
index 14a9a5720..edfc7ba70 100644
--- a/Bugzilla/CGI.pm
+++ b/Bugzilla/CGI.pm
@@ -332,7 +332,10 @@ sub header {
&& !$self->cookie('Bugzilla_login_request_cookie'))
{
my %args;
- $args{'-secure'} = 1 if Bugzilla->params->{ssl_redirect};
+ my $params = Bugzilla->params;
+ if ($params->{ssl_redirect} || $params->{urlbase} =~ /^https/i) {
+ $args{'-secure'} = 1;
+ }
$self->send_cookie(-name => 'Bugzilla_login_request_cookie',
-value => generate_random_password(),
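Review bot: The scheme test `$params->{urlbase} =~ /^https/i` on the new `if` line accepts any value that merely begins with "https", and the same expression is repeated in `do_ssl_redirect_if_required` in Bugzilla/Util.pm. Anchoring it as `m{^https://}i` and putting it behind one small helper would keep the two checks from drifting apart. The hunk covers only the `Bugzilla_login_request_cookie` branch of `header`, which starts and ends outside the hunk. Whether cookies sent elsewhere through `send_cookie`, the session cookies in particular, receive `-secure` under the same condition cannot be seen here and should be confirmed.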
diff --git a/Bugzilla/Util.pm b/Bugzilla/Util.pm
index d2be18431..fcd4aff91 100644
--- a/Bugzilla/Util.pm
+++ b/Bugzilla/Util.pm
@@ -272,6 +272,7 @@ sub i_am_webservice {
# (doing so can mess up XML-RPC).
sub do_ssl_redirect_if_required {
return if !i_am_cgi();
+ return if Bugzilla->params->{urlbase} =~ /^https/i;
return if !Bugzilla->params->{'ssl_redirect'};
return if !Bugzilla->params->{'sslbase'};
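Review bot: The added `return if Bugzilla->params->{urlbase} =~ /^https/i;` skips the redirect for every request once urlbase is https, including one that actually arrived over plain HTTP, so the application no longer moves such a request to HTTPS itself even with `ssl_redirect` enabled. This is presumably meant for deployments where a front-end server or proxy enforces HTTPS, but nothing in the hunk says so; a comment such as `# urlbase is https: the web server or proxy is expected to enforce HTTPS, so no redirect here` would record the assumption. If plain HTTP can still reach the application, the Secure cookies stay protected, but a login form submitted on that connection would travel unencrypted. The rest of the function lies outside the hunk.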