Posted to commits@couchdb.apache.org by rn...@apache.org on 2021/12/06 13:52:25 UTC

[couchdb] branch delete-session-cookie-samesite-3.x updated (0bf4738 -> b59d65e)

This is an automated email from the ASF dual-hosted git repository.

rnewson pushed a change to branch delete-session-cookie-samesite-3.x
in repository https://gitbox.apache.org/repos/asf/couchdb.git.


 discard 0bf4738  Add SameSite setting when clearing session cookie
 discard 3f99c4e  [unrelated] improve erlang_ls.config
     new b59d65e  Add SameSite setting when clearing session cookie

This update added new revisions after undoing existing revisions.
That is to say, some revisions that were in the old version of the
branch are not in the new version.  This situation occurs
when a user --force pushes a change and generates a repository
containing something like this:

 * -- * -- B -- O -- O -- O   (0bf4738)
            \
             N -- N -- N   refs/heads/delete-session-cookie-samesite-3.x (b59d65e)

You should already have received notification emails for all of the O
revisions, and so the following emails describe only the N revisions
from the common base, B.

Any revisions marked "omit" are not gone; other references still
refer to them.  Any revisions marked "discard" are gone forever.

The 1 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "add" were already present in the repository and have only
been added to this reference.


Summary of changes:
 erlang_ls.config | 5 +----
 1 file changed, 1 insertion(+), 4 deletions(-)

[couchdb] 01/01: Add SameSite setting when clearing session cookie

Posted by rn...@apache.org.
This is an automated email from the ASF dual-hosted git repository.

rnewson pushed a commit to branch delete-session-cookie-samesite-3.x
in repository https://gitbox.apache.org/repos/asf/couchdb.git

commit b59d65e68fa22f8562d84e575f36c6035f303130
Author: Robert Newson <rn...@apache.org>
AuthorDate: Mon Dec 6 13:48:25 2021 +0000

    Add SameSite setting when clearing session cookie
---
 src/couch/src/couch_httpd_auth.erl | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/couch/src/couch_httpd_auth.erl b/src/couch/src/couch_httpd_auth.erl
index 7bcb85f..757f055 100644
--- a/src/couch/src/couch_httpd_auth.erl
+++ b/src/couch/src/couch_httpd_auth.erl
@@ -509,7 +509,7 @@ handle_session_req(#httpd{method = 'DELETE'} = Req, _AuthModule) ->
         "AuthSession",
         "",
         [{path, "/"}] ++
-            cookie_domain() ++ cookie_scheme(Req)
+            cookie_domain() ++ cookie_scheme(Req) ++ same_site()
     ),
     {Code, Headers} =
         case couch_httpd:qs_value(Req, "next", nil) of
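
Review bot: the attribute list for the clearing cookie, on the changed line ending in "cookie_scheme(Req) ++ same_site()", is still assembled inline in the DELETE clause of handle_session_req, so it can drift again from the list used wherever the AuthSession cookie is issued. Consider building both from one shared helper so that the path, domain, scheme and SameSite attributes always match. The diffstat shows only couch_httpd_auth.erl changed, so a test asserting that the Set-Cookie header on a DELETE response carries the configured SameSite value would be worth adding. The commit message could also say why the clearing cookie needs the attribute.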