Posted to commits@allura.apache.org by ke...@apache.org on 2020/06/08 15:27:25 UTC
[allura] 02/03: fixup! [#8362] Add secure attr to session cookie
This is an automated email from the ASF dual-hosted git repository.
kentontaylor pushed a commit to branch kt/8362
in repository https://gitbox.apache.org/repos/asf/allura.git
commit 25737e23a26adb4a26c04b3062fb81e54c885f11
Author: Kenton Taylor <kt...@slashdotmedia.com>
AuthorDate: Tue Jun 2 15:05:41 2020 +0000
fixup! [#8362] Add secure attr to session cookie
---
Allura/allura/lib/custom_middleware.py | 3 ++-
Allura/allura/lib/decorators.py | 2 +-
Allura/allura/lib/plugin.py | 1 +
3 files changed, 4 insertions(+), 2 deletions(-)
diff --git a/Allura/allura/lib/custom_middleware.py b/Allura/allura/lib/custom_middleware.py
index 521ad05..649b978 100644
--- a/Allura/allura/lib/custom_middleware.py
+++ b/Allura/allura/lib/custom_middleware.py
@@ -214,9 +214,10 @@ class CSRFMiddleware(object):
def session_start_response(status, headers, exc_info=None):
if dict(headers).get('Content-Type', '').startswith('text/html'):
+ use_secure = 'secure; ' if environ['beaker.session'].secure else ''
headers.append(
(str('Set-cookie'),
- str('%s=%s; secure; Path=/' % (self._cookie_name, cookie))))
+ str('%s=%s; %sPath=/' % (self._cookie_name, cookie, use_secure))))
return start_response(status, headers, exc_info)
return self._app(environ, session_start_response)
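Review bot: The added `use_secure` line in `session_start_response` makes the CSRF cookie's Secure attribute depend on `environ['beaker.session'].secure`, where the removed line set it unconditionally, so an HTTPS deployment that leaves the Beaker `secure` option off will now emit this cookie without Secure. I would document that coupling at the lookup, e.g. `# Secure follows the Beaker session 'secure' option; keep it enabled on HTTPS sites`, and confirm the session middleware always runs ahead of this one, since a missing `'beaker.session'` key would raise KeyError inside the start_response callback. The same expression is repeated in the `memorable_forget` hunk in decorators.py and the `site-notification` hunk in plugin.py; one small shared helper would keep the three cookies from drifting apart. The enclosing method starts outside this hunk.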
diff --git a/Allura/allura/lib/decorators.py b/Allura/allura/lib/decorators.py
index a4b9bd2..7eaeb22 100644
--- a/Allura/allura/lib/decorators.py
+++ b/Allura/allura/lib/decorators.py
@@ -219,7 +219,7 @@ def memorable_forget():
:param raised: any error (redirect or exception) raised by the controller action
"""
if _ok_to_forget(response, controller_result, raised):
- response.set_cookie('memorable_forget', request.path)
+ response.set_cookie('memorable_forget', request.path, secure=request.environ['beaker.session'].secure)
@decorator
def _inner(func, *args, **kwargs):
diff --git a/Allura/allura/lib/plugin.py b/Allura/allura/lib/plugin.py
index a79750c..86bb0b5 100644
--- a/Allura/allura/lib/plugin.py
+++ b/Allura/allura/lib/plugin.py
@@ -1554,6 +1554,7 @@ class ThemeProvider(object):
response.set_cookie(
'site-notification',
set_cookie,
+ secure=request.environ['beaker.session'].secure,
max_age=timedelta(days=365))
return note