Paths

Table of Contentst

Fix issue where accessing HTTP domain would override HTTPS cookie
ClosedPublic
Actions

Authored by hach-que on Feb 15 2014, 1:00 AM.

Tags

None

Referenced Files

	F13989336: D8244.id.diff
	Mon, Oct 21, 7:49 PM

	F13974311: D8244.id19614.diff
	Oct 18 2024, 5:04 AM

	Unknown Object (File)
	Oct 2 2024, 4:09 AM

	Unknown Object (File)
	Sep 20 2024, 4:47 AM

	Unknown Object (File)
	Sep 4 2024, 11:59 PM

	Unknown Object (File)
	Aug 29 2024, 3:16 AM

	Unknown Object (File)
	Aug 28 2024, 6:35 AM

	Unknown Object (File)
	Aug 26 2024, 4:45 AM

Subscribers

Details

Reviewers

epriestley

Group Reviewers

Blessed Reviewers

Maniphest Tasks

T4425: Users are signed out if visiting HTTP when Phabricator is configured for HTTPS

Commits

Restricted Diffusion Commit
rP569a5be5617f: Fix issue where accessing HTTP domain would override HTTPS cookie

Summary

This fixes an issue where visiting http://code.redpointsoftware.com.au/ would log you out of https://code.redpointsoftware.com.au/

Test Plan

Applied this patch to a live server and saw the issue go away.

Diff Detail

Lint

Lint Skipped

Unit

Tests Skipped

Event Timeline

Hmm.. maybe it's cleaner for the PhabricatorRedirectController not to try to write this cookie? I think the simplest fix would be to extend it from AphrontController instead of PhabricatorController. I think it's executing a lot of logic which is at best useless and at worst bad (as here) by running through PhabricatorController::willBeginExecution().

I suppose this is probably worth having as a safety net in any case, since it's definitely correct, it's just a bit odd that we can end up here.

Closed by commit rP569a5be5617f (authored by @hach-que).

Revision Contents
Changeset List

Path

Size

src/

aphront/

AphrontRequest.php

5 lines

Diff 19616

View Options

src/aphront/AphrontRequest.php

Fix issue where accessing HTTP domain would override HTTPS cookieClosedPublicActions