Backport #26999 If the AppURL(ROOT_URL) is an HTTPS URL, then the COOKIE_SECURE's default value should be true. And, if a user visits an "http" site with "https" AppURL, they won't be able to login, and they should have been warned. The only problem is that the "language" can't be set either in such case, while I think it is not a serious problem, and it could be fixed easily if needed.
This commit is contained in:
wxiaoguang
GitHub
parent
3c53740244
commit
b0a405c5fa
4 changed files with 5 additions and 5 deletions
|
|
@ -50,7 +50,7 @@ func loadSessionFrom(rootCfg ConfigProvider) {
|
|||
}
|
||||
SessionConfig.CookieName = sec.Key("COOKIE_NAME").MustString("i_like_gitea")
|
||||
SessionConfig.CookiePath = AppSubURL + "/" // there was a bug, old code only set CookePath=AppSubURL, no trailing slash
|
||||
SessionConfig.Secure = sec.Key("COOKIE_SECURE").MustBool(false)
|
||||
SessionConfig.Secure = sec.Key("COOKIE_SECURE").MustBool(strings.HasPrefix(strings.ToLower(AppURL), "https://"))
|
||||
SessionConfig.Gclifetime = sec.Key("GC_INTERVAL_TIME").MustInt64(86400)
|
||||
SessionConfig.Maxlifetime = sec.Key("SESSION_LIFE_TIME").MustInt64(86400)
|
||||
SessionConfig.Domain = sec.Key("DOMAIN").String()
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue