[phpMyAdmin Git] [phpmyadmin/phpmyadmin] 7adff6: Indicate when HTTPS is not properly reported on th...

21 Mar 2017

  Branch: refs/heads/master
  Home:   https://github.com/phpmyadmin/phpmyadmin
  Commit: 7adff6b57c648200e27f17f9b412ba30584c6878

https://github.com/phpmyadmin/phpmyadmin/commit/7adff6b57c648200e27f17f9b41…
  Author: Michal Čihař &lt;michal(a)cihar.com&gt;
  Date:   2017-03-21 (Tue, 21 Mar 2017)

  Changed paths:
    M ChangeLog
    M js/functions.js
    M libraries/Header.php
    M libraries/plugins/auth/AuthenticationCookie.php

  Log Message:
  -----------
  Indicate when HTTPS is not properly reported on the server

This can happen in both directions which both can have undesired side
effects:

- when server thinks it's serving HTTPS, but it's not, the cookies are
  set as secure and thus never returned back by client
- whene server thinks it's not serving HTTPS, the secure flag for
  cookies is not set, making it possible to leak them over HTTP

Fixes #13110

Signed-off-by: Michal Čihař &lt;michal(a)cihar.com&gt;

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

[phpMyAdmin Git] [phpmyadmin/phpmyadmin] 7adff6: Indicate when HTTPS is not properly reported on th...