
Request secure cookie transmission for HTTPS

If cookies are not marked as secure, they can be sent
back by the client on unencrypted channels, disclosing
information. With this fix, clients are requested to
send cookies back on a secure channel in case HTTPS is
used.
1 parent 16261f7 commit eda4426085967988c5266f94005723e6fd5d86ad @MartinNowack MartinNowack committed Aug 1, 2013
Showing with 1 addition and 1 deletion.
  1. +1 −1 src/HTTPSock.cpp
@@ -645,7 +645,7 @@ bool CHTTPSock::PrintHeader(off_t uContentLength, const CString& sContentType, u
MCString::iterator it;
for (it = m_msResponseCookies.begin(); it != m_msResponseCookies.end(); ++it) {
- Write("Set-Cookie: " + it->first.Escape_n(CString::EURL) + "=" + it->second.Escape_n(CString::EURL) + "; path=/;\r\n");
+ Write("Set-Cookie: " + it->first.Escape_n(CString::EURL) + "=" + it->second.Escape_n(CString::EURL) + "; path=/;" + (GetSSL() ? "Secure;" : "") + "\r\n");
}
for (it = m_msHeaders.begin(); it != m_msHeaders.end(); ++it) {
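Review bot: In the added Write(...) line, Secure is emitted only when GetSSL() is true, so (assuming GetSSL() reflects only this socket's own TLS state) a deployment where TLS is terminated by a reverse proxy in front of this listener would still issue the cookie without Secure; if that setup is supported, consider a configuration switch that forces the attribute. The resulting attribute string is "path=/;Secure;" with no space after the separator and a trailing semicolon; RFC 6265 writes attributes separated by "; " with no trailing one, so "; path=/" + (GetSSL() ? "; Secure" : "") would be the cleaner form. This line is also the only place in the hunk where cookie attributes are built, so it is the natural spot to add HttpOnly if these cookies are not meant to be read by script.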
