Paths

Table of Contentst

Fix issue where accessing HTTP domain would override HTTPS cookie
ClosedPublic
Actions

Authored by hach-que on Feb 15 2014, 1:00 AM.

Tags

None

Referenced Files

	F18794417: D8244.id.diff
	Thu, Oct 16, 11:35 PM

	F18788512: D8244.diff
	Wed, Oct 15, 5:15 AM

	F18630844: D8244.diff
	Sep 16 2025, 1:22 PM

	F18618053: D8244.id.diff
	Sep 14 2025, 11:03 PM

	F18598713: D8244.diff
	Sep 13 2025, 5:40 AM

	F18055196: D8244.id.diff
	Aug 4 2025, 7:08 AM

	Unknown Object (File)
	Jun 16 2025, 10:38 PM

	Unknown Object (File)
	May 7 2025, 2:25 PM

Subscribers

Details

Reviewers

epriestley

Group Reviewers

Blessed Reviewers

Maniphest Tasks

T4425: Users are signed out if visiting HTTP when Phabricator is configured for HTTPS

Commits

Restricted Diffusion Commit
rP569a5be5617f: Fix issue where accessing HTTP domain would override HTTPS cookie

Summary

This fixes an issue where visiting http://code.redpointsoftware.com.au/ would log you out of https://code.redpointsoftware.com.au/

Test Plan

Applied this patch to a live server and saw the issue go away.

Diff Detail

Lint

Lint Skipped

Unit

Tests Skipped

Event Timeline

Hmm.. maybe it's cleaner for the PhabricatorRedirectController not to try to write this cookie? I think the simplest fix would be to extend it from AphrontController instead of PhabricatorController. I think it's executing a lot of logic which is at best useless and at worst bad (as here) by running through PhabricatorController::willBeginExecution().

I suppose this is probably worth having as a safety net in any case, since it's definitely correct, it's just a bit odd that we can end up here.

Closed by commit rP569a5be5617f (authored by @hach-que).

Revision Contents
Changeset List

Path

Size

src/

aphront/

AphrontRequest.php

5 lines

Diff 19616

View Options

src/aphront/AphrontRequest.php

Fix issue where accessing HTTP domain would override HTTPS cookieClosedPublicActions