set some security options on cookies #2825

Merged
merged 1 commit into from Oct 7, 2021

Conversation

kevinpapst
Member

Description

The first one might be a BC break when terminating HTTPS in front of Kimai.

  • cookie_secure: auto (when using https = true, with http = false)
  • cookie_httponly: true
  • cookie_samesite: lax (strict should work as well, but let's start one step after another)

Types of changes

  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to change)

Checklist

  • I verified that my code applies to the guidelines (composer code-check)
  • I agree that this code is used in Kimai and will be published under the MIT license

@kevinpapst kevinpapst added this to the 1.15.4 milestone Oct 7, 2021
@kevinpapst kevinpapst merged commit 84e2585 into master Oct 7, 2021
@kevinpapst kevinpapst deleted the cookie-security branch October 7, 2021 10:40
@github-actions github-actions bot locked and limited conversation to collaborators Apr 6, 2022
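
One way to check that a deployment actually emits the three cookie attributes listed in the description, as an added example that is not part of the pull request or of Kimai's code. The sample `Set-Cookie` values, the cookie name, and the function names are constructed for illustration; the second sample assumes an application behind a TLS-terminating proxy that sees the request as plain HTTP.

```python
# Added example (not from the Kimai code base): audit Set-Cookie values
# against the three settings listed in the PR description.

def parse_set_cookie(value):
    """Return (cookie name, {lower-cased attribute: value})."""
    parts = [p.strip() for p in value.split(";")]
    name = parts[0].split("=", 1)[0]
    attrs = {}
    for part in parts[1:]:
        if part:
            key, _, val = part.partition("=")
            attrs[key.strip().lower()] = val.strip()
    return name, attrs

def audit_cookie(value, scheme):
    """List deviations; scheme is what the client used ('http' or 'https')."""
    name, attrs = parse_set_cookie(value)
    findings = []
    # cookie_secure: auto -> Secure is expected only on HTTPS responses.
    if scheme == "https" and "secure" not in attrs:
        findings.append("missing Secure on an HTTPS response")
    # cookie_httponly: true
    if "httponly" not in attrs:
        findings.append("missing HttpOnly")
    # cookie_samesite: lax (strict is accepted as the tighter value)
    samesite = attrs.get("samesite", "").lower() or "unset"
    if samesite not in ("lax", "strict"):
        findings.append("SameSite is %s, expected lax or strict" % samesite)
    return name, findings

# Constructed sample headers; the cookie name and value are placeholders.
SAMPLES = [
    ("https", "PHPSESSID=abc123; path=/; secure; httponly; samesite=lax"),
    # Client is on HTTPS but the cookie lacks Secure (assumed scenario: the
    # application behind a TLS-terminating proxy sees plain HTTP).
    ("https", "PHPSESSID=abc123; path=/; httponly; samesite=lax"),
    ("http", "PHPSESSID=abc123; path=/; HttpOnly; SameSite=Lax"),
    ("https", "PHPSESSID=abc123; path=/"),
]

if __name__ == "__main__":
    for scheme, header in SAMPLES:
        name, findings = audit_cookie(header, scheme)
        print(scheme, name, findings or "ok")
```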