90a8d1af6c202c8efcca5a0fdaf341494cb0b8eb - gitblit

commit	90a8d1af6c202c8efcca5a0fdaf341494cb0b8eb	[log] [tgz]
author	Florian Zschocke <florian.zschocke@devolo.de>	Sat Dec 10 10:57:45 2016 +0100
committer	Florian Zschocke <florian.zschocke@devolo.de>	Sat Dec 10 10:57:45 2016 +0100
tree	bd9f0f4bc67cdb5a2dbffe7500e9432331698df3
parent	d10fe0d8fd614f6ae6606179b0326bdc6a5f6af8 [diff]

Set secure user cookies and only for HTTP.

Mark the user authentication cookie to be only used for HTTP, making
it inaccessible for JavaScript engines.


If only HTTPS is used and no HTTP (i.e. also if HTTP is redirected to
HTTPS) then mark the user cookie to be sent only over secure connections.

src/main/java/com/gitblit/manager/AuthenticationManager.java[diff]

1 file changed

tree: bd9f0f4bc67cdb5a2dbffe7500e9432331698df3

src/
.checkstyle
.classpath
.gitbugtraq
.gitignore
.gitmodules
.mailmap
.project
build.moxie
build.xml
gitblit.iml
HOME.md
LICENSE
NOTICE
README.markdown
release.template
releases.moxie