Branch: refs/heads/master Home: https://github.com/phpmyadmin/phpmyadmin Commit: 7adff6b57c648200e27f17f9b412ba30584c6878 https://github.com/phpmyadmin/phpmyadmin/commit/7adff6b57c648200e27f17f9b412... Author: Michal Čihař <michal@cihar.com> Date: 2017-03-21 (Tue, 21 Mar 2017) Changed paths: M ChangeLog M js/functions.js M libraries/Header.php M libraries/plugins/auth/AuthenticationCookie.php Log Message: ----------- Indicate when HTTPS is not properly reported on the server This can happen in both directions which both can have undesired side effects: - when server thinks it's serving HTTPS, but it's not, the cookies are set as secure and thus never returned back by client - whene server thinks it's not serving HTTPS, the secure flag for cookies is not set, making it possible to leak them over HTTP Fixes #13110 Signed-off-by: Michal Čihař <michal@cihar.com>