diff options
author | Florian Zschocke <florian.zschocke@devolo.de> | 2016-12-10 11:30:28 +0100 |
---|---|---|
committer | Florian Zschocke <florian.zschocke@devolo.de> | 2016-12-10 11:30:28 +0100 |
commit | 60099a42faf7c34edb4651253cdb1a7723fbf029 (patch) | |
tree | 69d5267a8084c1941591918cd8108df97671ad2c /src/main | |
parent | 90a8d1af6c202c8efcca5a0fdaf341494cb0b8eb (diff) | |
download | gitblit-60099a42faf7c34edb4651253cdb1a7723fbf029.tar.gz gitblit-60099a42faf7c34edb4651253cdb1a7723fbf029.zip |
Set secure session cookies when redirecting from HTTP to HTTPS.merged--secureCookies
So far for session cookies the secure property was only set when no
HTTP port was opened. This changes to also set it when HTTP is redirected
to the HTTPS port.
Diffstat (limited to 'src/main')
-rw-r--r-- | src/main/java/com/gitblit/GitBlitServer.java | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/src/main/java/com/gitblit/GitBlitServer.java b/src/main/java/com/gitblit/GitBlitServer.java index d56d9c0c..6123a872 100644 --- a/src/main/java/com/gitblit/GitBlitServer.java +++ b/src/main/java/com/gitblit/GitBlitServer.java @@ -375,7 +375,8 @@ public class GitBlitServer { HashSessionManager sessionManager = new HashSessionManager(); sessionManager.setHttpOnly(true); // Use secure cookies if only serving https - sessionManager.setSecureRequestOnly(params.port <= 0 && params.securePort > 0); + sessionManager.setSecureRequestOnly( (params.port <= 0 && params.securePort > 0) || + (params.port > 0 && params.securePort > 0 && settings.getBoolean(Keys.server.redirectToHttpsPort, true)) ); rootContext.getSessionHandler().setSessionManager(sessionManager); // Ensure there is a defined User Service |