diff options
| author | Dylan William Hardison <dylan@hardison.net> | 2017-03-06 01:50:01 +0100 |
|---|---|---|
| committer | Dylan William Hardison <dylan@hardison.net> | 2017-03-26 04:00:07 +0200 |
| commit | dfb688869062b955488057144eaa99f5c91cea28 (patch) | |
| tree | ebed3e26221db75d5a6c89b1a2e79376a6ac5f8c /Bugzilla/CGI.pm | |
| parent | b15cb6e72d47026150c91af9918706ceb5c77109 (diff) | |
| download | bugzilla-dfb688869062b955488057144eaa99f5c91cea28.tar.gz bugzilla-dfb688869062b955488057144eaa99f5c91cea28.tar.xz | |
Bug 1342795 - When urlbase is https, force the secure flag to be set on cookies.
Diffstat (limited to 'Bugzilla/CGI.pm')
| -rw-r--r-- | Bugzilla/CGI.pm | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/Bugzilla/CGI.pm b/Bugzilla/CGI.pm index 14a9a5720..edfc7ba70 100644 --- a/Bugzilla/CGI.pm +++ b/Bugzilla/CGI.pm @@ -332,7 +332,10 @@ sub header { && !$self->cookie('Bugzilla_login_request_cookie')) { my %args; - $args{'-secure'} = 1 if Bugzilla->params->{ssl_redirect}; + my $params = Bugzilla->params; + if ($params->{ssl_redirect} || $params->{urlbase} =~ /^https/i) { + $args{'-secure'} = 1; + } $self->send_cookie(-name => 'Bugzilla_login_request_cookie', -value => generate_random_password(), |