

ITC-3039 Set all cookies with secure=true. Many thanks to https://github.com/uonghoangminhchau for reporting this
nook24 committed Jun 15, 2023
1 parent 1b96605 commit 6c717f3
Showing 5 changed files with 11 additions and 184 deletions.
1 change: 1 addition & 0 deletions config/routes.php
Expand Up @@ -56,6 +56,7 @@
// Register scoped middleware for in scopes.
$csrf = new CsrfProtectionMiddleware([
'httponly' => true,
'secure' => true
]);

// Token check will be skipped when callback returns `true`.
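Review bot: With `'secure' => true` hardcoded, the CSRF cookie is only ever set over HTTPS, so form and AJAX POSTs on any plain-HTTP deployment (including local development setups) will fail token validation with no obvious cause; the same constraint applies to the second `CsrfProtectionMiddleware` and the remember-me cookie in src/Application.php, the `askAgainForHelp` cookie in src/Controller/StatisticsController.php, and the `XDEBUG_TRIGGER` cookie set from JavaScript in the last hunk. If HTTP is still a supported deployment mode, source the flag from application configuration instead of a literal, otherwise document the TLS requirement where the options live, e.g. `// CSRF cookie is TLS-only: plain-HTTP deployments will fail token validation`. This option array is also duplicated verbatim in `Application::routes()`, so the two copies can drift; a single shared array for the CSRF cookie options would keep them aligned.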
7 changes: 5 additions & 2 deletions src/Application.php
Expand Up @@ -111,7 +111,8 @@ public function bootstrap(): void {
public function routes($routes): void {
// Register scoped middleware for use in routes.php
$routes->registerMiddleware('csrf', new CsrfProtectionMiddleware([
'httponly' => true
'httponly' => true,
'secure' => true
]));

parent::routes($routes);
Expand Down Expand Up @@ -189,7 +190,9 @@ public function getAuthenticationService(ServerRequestInterface $request): Authe
'rememberMeField' => 'remember_me',
'fields' => $fields,
'cookie' => [
'expires' => $expireAt
'expires' => $expireAt,
'httponly' => true,
'secure' => true
]
]);
$service->loadAuthenticator('Authentication.Session');
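Review bot: The remember-me cookie options in the second hunk now set `httponly` and `secure` but no SameSite attribute, so this long-lived authentication cookie is still attached to cross-site requests; if the installed CakePHP and Authentication plugin versions support it, add `'samesite' => 'Lax'` next to `'secure' => true` (the same applies to both `CsrfProtectionMiddleware` option arrays). `getAuthenticationService()` starts and ends outside the hunk, so how `$expireAt` and `$fields` are built is not visible here. The cookie flag keys are now repeated as string literals in three places in this commit; pulling them into one shared array or config key would make future changes a single edit.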
4 changes: 3 additions & 1 deletion src/Controller/StatisticsController.php
Expand Up @@ -98,7 +98,9 @@ public function saveStatisticDecision() {
'askAgainForHelp',
'Remind me later',
new \DateTime('+16 hours'),
'/'
'/',
null,
true
));
}

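Review bot: The two new positional arguments `null, true` read as magic values, and assuming the callee is CakePHP's `Cookie` constructor (whose parameters after `path` are `domain`, `secure`, `httpOnly`, `sameSite`) they set only `secure`, leaving this cookie at its non-HttpOnly default while every other cookie in the commit gets `httponly`. Passing the options by name avoids both issues, e.g. `'/', domain: null, secure: true, httpOnly: true` if the project is on PHP 8, otherwise an options-array factory on the same class. `saveStatisticDecision()` starts before the hunk, so the call being wrapped here is inferred rather than visible.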
179 changes: 0 additions & 179 deletions src/itnovum/openITCOCKPIT/Core/Security/CSRF.php

This file was deleted.

Expand Up @@ -312,12 +312,12 @@ angular.module('openITCOCKPIT')
});

$scope.setXdebugCookie = function(){
$.cookie('XDEBUG_TRIGGER', 'true');
$.cookie('XDEBUG_TRIGGER', 'true', {secure: true});
$scope.hasXdebugCookie = true;
};

$scope.removeXdebugCookie = function(){
$.removeCookie('XDEBUG_TRIGGER');
$.removeCookie('XDEBUG_TRIGGER', {secure: true});
$scope.hasXdebugCookie = false;
};

