]> source.dussan.org Git - gitea.git/commit
projects / gitea.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 3c53740) | patch
Use secure cookie for HTTPS sites (#26999) (#27013)
authorwxiaoguang <wxiaoguang@gmail.com>
Mon, 11 Sep 2023 09:59:00 +0000 (17:59 +0800)
committerGitHub <noreply@github.com>
Mon, 11 Sep 2023 09:59:00 +0000 (09:59 +0000)
commitb0a405c5fad2055976747a1c8b2c48dfe2750c9f
tree01216b0f6922c6d4572446d6b5da486782d21b40tree | snapshot
parent3c53740244e175a253411c8fedcc1d3fff19ea7acommit | diff
Use secure cookie for HTTPS sites (#26999) (#27013)

Backport #26999

If the AppURL(ROOT_URL) is an HTTPS URL, then the COOKIE_SECURE's
default value should be true.

And, if a user visits an "http" site with "https" AppURL, they won't be
able to login, and they should have been warned. The only problem is
that the "language" can't be set either in such case, while I think it
is not a serious problem, and it could be fixed easily if needed.
custom/conf/app.example.ini diff | blob | history
docs/content/administration/config-cheat-sheet.en-us.md diff | blob | history
docs/content/administration/config-cheat-sheet.zh-cn.md diff | blob | history
modules/setting/session.go diff | blob | history
Git with a cup of tea! Painless self-hosted all-in-one software development service, including Git hosting, code review, team collaboration, package registry and CI/CD: https://github.com/go-gitea/gitea