Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Don't enable secure cookies when they won't work #9971

Merged
merged 3 commits into from Mar 17, 2019

Conversation

Projects
None yet
1 participant
@murrant
Copy link
Member

commented Mar 15, 2019

secure cookies only work when accessing the page via https.
That is done automatically already...
So users setting the config setting essentially were breaking their installs for now benefit.
Don't allow that to happen anymore. The only valid secure_cookies setting now is false, which will disable them.

Again, this setting will be unused once we fully remove the php session.

DO NOT DELETE THIS TEXT

Please note

Please read this information carefully. You can run ./scripts/pre-commit.php to check your code before submitting.

Testers

If you would like to test this pull request then please run: ./scripts/github-apply <pr_id>, i.e ./scripts/github-apply 5926
After you are done testing, you can remove the changes with ./scripts/github-remove. If there are schema changes, you can ask on discord how to revert.

murrant added some commits Mar 15, 2019

Ignore session.cookie_secure errors
They happen if the session is already started.

@murrant murrant changed the title Ignore session.cookie_secure errors Don't enable secure cookies when they won't work Mar 17, 2019

@murrant murrant added the Bug 🐞 label Mar 17, 2019

@murrant murrant merged commit 1cfe4ea into librenms:master Mar 17, 2019

5 of 6 checks passed

codeclimate Code Climate encountered an error attempting to analyze this pull request.
Details
Inspection Summary
Details
Node: analysis
Details
Travis CI - Pull Request Build Passed
Details
WIP Ready for review
Details
license/cla Contributor License Agreement is signed.
Details

@murrant murrant deleted the murrant:ignore-cookie branch Mar 17, 2019

funzoneq added a commit to funzoneq/librenms that referenced this pull request Apr 30, 2019

Don't enable secure cookies when they won't work (librenms#9971)
* Ignore session.cookie_secure errors
They happen if the session is already started.

* Don't allow secure cookies to be enabled when not accessing via https

* Completely remove the setting

@lock lock bot locked as resolved and limited conversation to collaborators May 16, 2019

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
You can’t perform that action at this time.