mirror of
https://github.com/caddyserver/caddy.git
synced 2025-01-24 17:46:57 +01:00
browse: Don't leak Cookies to sessions in HTTP from HTTPS
This commit is contained in:
parent
3513b6f2f7
commit
c05c5163e2
1 changed files with 3 additions and 3 deletions
|
@ -315,8 +315,8 @@ func (b Browse) ServeHTTP(w http.ResponseWriter, r *http.Request) (int, error) {
|
||||||
listing.Sort = sortCookie.Value
|
listing.Sort = sortCookie.Value
|
||||||
}
|
}
|
||||||
} else { // Save the query value of 'sort' and 'order' as cookies.
|
} else { // Save the query value of 'sort' and 'order' as cookies.
|
||||||
http.SetCookie(w, &http.Cookie{Name: "sort", Value: listing.Sort, Path: "/"})
|
http.SetCookie(w, &http.Cookie{Name: "sort", Value: listing.Sort, Path: bc.PathScope, Secure: r.TLS != nil})
|
||||||
http.SetCookie(w, &http.Cookie{Name: "order", Value: listing.Order, Path: "/"})
|
http.SetCookie(w, &http.Cookie{Name: "order", Value: listing.Order, Path: bc.PathScope, Secure: r.TLS != nil})
|
||||||
}
|
}
|
||||||
|
|
||||||
if listing.Order == "" {
|
if listing.Order == "" {
|
||||||
|
@ -325,7 +325,7 @@ func (b Browse) ServeHTTP(w http.ResponseWriter, r *http.Request) (int, error) {
|
||||||
listing.Order = orderCookie.Value
|
listing.Order = orderCookie.Value
|
||||||
}
|
}
|
||||||
} else {
|
} else {
|
||||||
http.SetCookie(w, &http.Cookie{Name: "order", Value: listing.Order, Path: "/"})
|
http.SetCookie(w, &http.Cookie{Name: "order", Value: listing.Order, Path: bc.PathScope, Secure: r.TLS != nil})
|
||||||
}
|
}
|
||||||
|
|
||||||
listing.applySort()
|
listing.applySort()
|
||||||
|
|
Loading…
Reference in a new issue