Commit 92432511 authored by FX Deltombe's avatar FX Deltombe

Fix security issue with cookies and CDA (#556)

parent 8c4399da
......@@ -962,15 +962,13 @@ sub run ($$) {
my $str = $1;
$class->lmLog( 'CDA request', 'debug' );
$apacheRequest->args($args);
my $host = $apacheRequest->get_server_name();
my $redirectUrl = $class->_buildUrl( $apacheRequest->uri );
my $redirectHttps = ( $redirectUrl =~ m/^https/ );
lmSetErrHeaderOut( $apacheRequest,
'Location' => $redirectUrl . ( $args ? "?" . $args : "" ) );
$host =~ s/^[^\.]+\.(.*\..*$)/$1/;
lmSetErrHeaderOut(
$apacheRequest,
'Set-Cookie' => "$str; domain=$host; path=/"
'Set-Cookie' => "$str; path=/"
. ( $redirectHttps ? "; secure" : "" )
. ( $httpOnly ? "; HttpOnly" : "" )
. (
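Review bot: `$str` comes from `$1` of a match that lies outside this hunk and is still interpolated unchanged into the `Set-Cookie` value, so the host-only fix holds only if that pattern admits nothing but cookie-safe characters. If the capture could ever contain `;`, whitespace or CR/LF, the request argument would be able to supply its own cookie attributes, including the `domain` this commit removes; confirm the pattern is restricted, or refuse the request unless `$str =~ /\A[^\s;,]+\z/`. I would also put a comment above the header, for example `# Host-only on purpose: no domain attribute, so the CDA cookie is never sent to sibling hosts`, so the attribute is not reintroduced later. `sub run` begins before this hunk and continues past it.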
......