Branch: refs/heads/master Home: https://github.com/phpmyadmin/phpmyadmin Commit: 7adff6b57c648200e27f17f9b412ba30584c6878 https://github.com/phpmyadmin/phpmyadmin/commit/7adff6b57c648200e27f17f9b412... Author: Michal Čihař michal@cihar.com Date: 2017-03-21 (Tue, 21 Mar 2017)
Changed paths: M ChangeLog M js/functions.js M libraries/Header.php M libraries/plugins/auth/AuthenticationCookie.php
Log Message: ----------- Indicate when HTTPS is not properly reported on the server
This can happen in both directions which both can have undesired side effects:
- when server thinks it's serving HTTPS, but it's not, the cookies are set as secure and thus never returned back by client - whene server thinks it's not serving HTTPS, the secure flag for cookies is not set, making it possible to leak them over HTTP
Fixes #13110
Signed-off-by: Michal Čihař michal@cihar.com