HomePhabricator
Diffusion Phabricator 11786fb1cc84

Don't try to set anonymous session cookie on CDN/file domain
11786fb1cc84
Actions

Description

Don't try to set anonymous session cookie on CDN/file domain

Summary:
Ref T2380. If an install has a CDN domain configured, but does not list it as an alternate domain (which is standard/correct, but not incredibly common, see T2380), we'll currently try to set anonymous cookies on it. These will correctly fail security rules.

Instead, don't try to set these cookies.

I missed this in testing yesterday because I have a file domain, but I also have it configured as an alternate domain, which allows cookies to be set. Generally, domain management is due for some refactoring.

Test Plan: Set file domain but not as an alternate, logged out, nuked file domain cookies, reloaded page. No error after patch.

Reviewers: btrahan, csilvers

Reviewed By: btrahan

CC: aran

Maniphest Tasks: T2380

Differential Revision: https://secure.phabricator.com/D8057

Details

Provenance
epriestleyAuthored on
epriestleyPushed on Jan 24 2014, 8:29 PM
Reviewer
btrahan
Differential Revision
D8057: Don't try to set anonymous session cookie on CDN/file domain
Parents
rP2735229e3319: Modernize README
Branches
Unknown
Tags
Unknown
Tasks
Restricted Maniphest Task

Event Timeline

Changes (2)

PathSize
src/
aphront/
applications/
base/
controller/

rP11786fb1cc84

View Options

src/aphront/AphrontRequest.php

Loading...
View Options

src/applications/base/controller/PhabricatorController.php

Loading...
Phabricator ยท Built by Phacility