source.dussan.org Git - gitblit.git/commit
Set secure user cookies and only for HTTP.
author Florian Zschocke <florian.zschocke@devolo.de>
Sat, 10 Dec 2016 09:57:45 +0000 (10:57 +0100)
committer Florian Zschocke <florian.zschocke@devolo.de>
Sat, 10 Dec 2016 09:57:45 +0000 (10:57 +0100)
commit 90a8d1af6c202c8efcca5a0fdaf341494cb0b8eb
tree bd9f0f4bc67cdb5a2dbffe7500e9432331698df3
parent d10fe0d8fd614f6ae6606179b0326bdc6a5f6af8
Set secure user cookies and only for HTTP.

Mark the user authentication cookie to be only used for HTTP, making
it inaccessible for JavaScript engines.

If only HTTPS is used and no HTTP (i.e. also if HTTP is redirected to
HTTPS) then mark the user cookie to be sent only over secure connections.
src/main/java/com/gitblit/manager/AuthenticationManager.java
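
The rule the commit message describes (always HttpOnly, Secure only when the site is reachable solely over HTTPS, including the redirect case) is sketched below as an added example. It is not the code from this commit or from Gitblit; the `ServerConfig` class, its field names, and the cookie name and value are assumptions constructed for illustration.

```java
import java.util.ArrayList;
import java.util.List;

/** Added illustration; not Gitblit's AuthenticationManager code. */
public class UserCookieExample {

    /** Hypothetical server settings; names are assumptions for this example. */
    static final class ServerConfig {
        final int httpPort;            // <= 0: plain HTTP listener disabled
        final int httpsPort;           // <= 0: HTTPS listener disabled
        final boolean redirectToHttps; // HTTP listener only redirects to HTTPS

        ServerConfig(int httpPort, int httpsPort, boolean redirectToHttps) {
            this.httpPort = httpPort;
            this.httpsPort = httpsPort;
            this.redirectToHttps = redirectToHttps;
        }

        /** True when content is only ever served over HTTPS. */
        boolean httpsOnly() {
            boolean httpsEnabled = httpsPort > 0;
            boolean httpServesContent = httpPort > 0 && !redirectToHttps;
            return httpsEnabled && !httpServesContent;
        }
    }

    /** Builds the Set-Cookie header line for the user authentication cookie. */
    static String setCookieHeader(String name, String value, String path, ServerConfig cfg) {
        List<String> attrs = new ArrayList<>();
        attrs.add(name + "=" + value);
        attrs.add("Path=" + path);
        // Always set: hides the cookie from document.cookie in the browser.
        attrs.add("HttpOnly");
        // Only when HTTPS is the sole way in. Setting Secure while plain HTTP
        // still serves pages would stop the browser from sending the cookie there.
        if (cfg.httpsOnly()) {
            attrs.add("Secure");
        }
        return "Set-Cookie: " + String.join("; ", attrs);
    }

    public static void main(String[] args) {
        String name = "example_user";      // constructed sample cookie name
        String value = "constructed-token"; // constructed sample value
        // HTTP and HTTPS both serve content: HttpOnly only.
        System.out.println(setCookieHeader(name, value, "/", new ServerConfig(8080, 8443, false)));
        // HTTP redirects to HTTPS: HttpOnly and Secure.
        System.out.println(setCookieHeader(name, value, "/", new ServerConfig(8080, 8443, true)));
        // HTTP disabled: HttpOnly and Secure.
        System.out.println(setCookieHeader(name, value, "/", new ServerConfig(0, 8443, false)));
    }
}
```

In the redirect case the Secure attribute matters because, without it, the browser would attach the cookie to the initial plain HTTP request before the redirect happens.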