COOKIE_SECURE doesn't flag _csrf cookie as 'Secure' #1734

@eripa

  • Gitea version (or commit ref): 1.1.1
  • Git version: 2.1.4
  • Operating system: Debian GNU/Linux 8.8 (jessie) x86_4
  • Database:
    • PostgreSQL
    • MySQL
    • MSSQL
    • SQLite
  • Can you reproduce the bug at https://try.gitea.io:
    • Yes (provide example URL)
    • No
    • Not relevant
  • Log gist:

Description

I was under the impression that setting COOKIE_SECURE to true will make all cookies have the 'Secure' flag set. However, it only seems to apply to the i_like_gitea cookie.

https://try.gitea.io doesn't seem to be configured with COOKIE_SECURE.
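
Added example, not part of the original issue and not Gitea's own code: a small Go check that lists every cookie in a response that was set without the Secure attribute. The Set-Cookie values are constructed sample data mirroring the behaviour reported above, and missingSecure and sampleHeaders are hypothetical names.

```go
package main

import (
	"fmt"
	"net/http"
)

// missingSecure returns the names of all cookies in the given response
// headers that were set without the Secure attribute.
func missingSecure(h http.Header) []string {
	// http.Response.Cookies parses every Set-Cookie header, including
	// attributes such as Secure, HttpOnly and Path.
	resp := http.Response{Header: h}
	var names []string
	for _, c := range resp.Cookies() {
		if !c.Secure {
			names = append(names, c.Name)
		}
	}
	return names
}

// sampleHeaders builds constructed response headers that mirror the report:
// the session cookie carries Secure, the CSRF cookie does not.
// The cookie values and the Path attribute are assumptions for illustration.
func sampleHeaders() http.Header {
	h := http.Header{}
	h.Add("Set-Cookie", "i_like_gitea=0123456789abcdef; Path=/; Secure")
	h.Add("Set-Cookie", "_csrf=constructed-token-value; Path=/")
	return h
}

func main() {
	for _, name := range missingSecure(sampleHeaders()) {
		fmt.Printf("cookie %q is missing the Secure attribute\n", name)
	}
}
```

The same function can be given the Header of a real response from an HTTPS instance to confirm whether COOKIE_SECURE covers every cookie after a fix.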

Labels: topic/security (Something leaks user information or is otherwise vulnerable. Should be fixed!)
