Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add secure/httpOnly attributes to the lang cookie (#9690) #14279

Merged
merged 1 commit into from
Jan 7, 2021
Merged

Add secure/httpOnly attributes to the lang cookie (#9690) #14279

merged 1 commit into from
Jan 7, 2021

Conversation

tgurr
Copy link
Contributor

@tgurr tgurr commented Jan 7, 2021

CookieHttpOnly true like for the gitea (i_like_gitea) cookie, Secure honors the COOKIE_SECURE ini option. Fixes #9690.

@GiteaBot GiteaBot added the lgtm/need 1 This PR needs approval from one additional maintainer to be merged. label Jan 7, 2021
@lunny lunny added the topic/security Something leaks user information or is otherwise vulnerable. Should be fixed! label Jan 7, 2021
@GiteaBot GiteaBot added lgtm/done This PR has enough approvals to get merged. There are no important open reservations anymore. and removed lgtm/need 1 This PR needs approval from one additional maintainer to be merged. labels Jan 7, 2021
@6543 6543 merged commit c1e30c9 into go-gitea:master Jan 7, 2021
6543 pushed a commit to 6543-forks/gitea that referenced this pull request Jan 7, 2021
@6543
Copy link
Member

6543 commented Jan 7, 2021

backport: -> #14280

@6543 6543 added the backport/done All backports for this PR have been created label Jan 7, 2021
6543 added a commit that referenced this pull request Jan 7, 2021
* Add secure/httpOnly attributes to the lang cookie (#9690) (#14279)

* apply to InitLocales() too

Co-authored-by: Timo Gurr <timo.gurr@gmail.com>
a1012112796 added a commit to a1012112796/gitea that referenced this pull request Jan 14, 2021
* master: (252 commits)
  Issues overview should not show issues from archived repos (go-gitea#13220)
  Display SVG files as images instead of text (go-gitea#14101)
  [skip ci] Updated translations via Crowdin
  Update docs to clarify issues raised in go-gitea#14272 (go-gitea#14318)
  [skip ci] Updated translations via Crowdin
  [Refactor] Passwort Hash/Set (go-gitea#14282)
  Add option to change username to the admin panel (go-gitea#14229)
  fix mailIssueCommentBatch for pull request (go-gitea#14252)
  Remove self from MAINTAINERS (go-gitea#14286)
  Do not reload page after adding comments in Pull Request reviews (go-gitea#13877)
  Fix session bug when introduce chi (go-gitea#14287)
  [skip ci] Updated translations via Crowdin
  Add secure/httpOnly attributes to the lang cookie (go-gitea#9690) (go-gitea#14279)
  Some code improvements (go-gitea#14266)
  [skip ci] Updated translations via Crowdin
  Fix wrong type on hooktask to convert typ from char(16) to varchar(16) (go-gitea#14148)
  Upgrade XORM links in documentation. (go-gitea#14265)
  Check permission for the appropriate unit type (go-gitea#14261)
  Add compliance check for windows to ensure cross platform build (go-gitea#14260)
  [skip ci] Updated translations via Crowdin
  ...
@go-gitea go-gitea locked and limited conversation to collaborators Feb 11, 2021
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
backport/done All backports for this PR have been created lgtm/done This PR has enough approvals to get merged. There are no important open reservations anymore. topic/security Something leaks user information or is otherwise vulnerable. Should be fixed!
Projects
None yet
Development

Successfully merging this pull request may close these issues.

Lang cookie missing secure/httpOnly attributes
4 participants