authorFlorian Zschocke <florian.zschocke@devolo.de>2016-12-10 11:30:28 +0100
committerFlorian Zschocke <florian.zschocke@devolo.de>2016-12-10 11:30:28 +0100
commit60099a42faf7c34edb4651253cdb1a7723fbf029 (patch)
tree69d5267a8084c1941591918cd8108df97671ad2c
parent90a8d1af6c202c8efcca5a0fdaf341494cb0b8eb (diff)
Set secure session cookies when redirecting from HTTP to HTTPS.merged--secureCookies
Until now, the secure property of session cookies was only set when no HTTP port was opened. This change also sets it when HTTP is redirected to the HTTPS port.
-rw-r--r--src/main/java/com/gitblit/GitBlitServer.java3
1 files changed, 2 insertions, 1 deletions
diff --git a/src/main/java/com/gitblit/GitBlitServer.java b/src/main/java/com/gitblit/GitBlitServer.java
index d56d9c0c..6123a872 100644
--- a/src/main/java/com/gitblit/GitBlitServer.java
+++ b/src/main/java/com/gitblit/GitBlitServer.java
@@ -375,7 +375,8 @@ public class GitBlitServer {
HashSessionManager sessionManager = new HashSessionManager();
sessionManager.setHttpOnly(true);
// Use secure cookies if only serving https
- sessionManager.setSecureRequestOnly(params.port <= 0 && params.securePort > 0);
+ sessionManager.setSecureRequestOnly( (params.port <= 0 && params.securePort > 0) ||
+ (params.port > 0 && params.securePort > 0 && settings.getBoolean(Keys.server.redirectToHttpsPort, true)) );
rootContext.getSessionHandler().setSessionManager(sessionManager);
// Ensure there is a defined User Service
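Review bot: The comment above the changed call, `// Use secure cookies if only serving https`, no longer matches the condition, which now also sets the Secure flag when both ports are open and `Keys.server.redirectToHttpsPort` is enabled; I would reword it to `// Use secure cookies if only serving https, or if http is redirected to https`. The redirect test is repeated here with a default of `true`, so it has to stay in step with the place where the redirect is actually installed, which is not visible in this hunk. If the two ever disagree, either the session cookie can travel over plain HTTP without the flag or HTTP users cannot keep a session. The expression also reduces to `params.securePort > 0 && (params.port <= 0 || settings.getBoolean(Keys.server.redirectToHttpsPort, true))`, which is easier to audit. The enclosing method starts and ends outside the hunk.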