Secure cookie handling upon https to http downgrade
Jo-Philipp Wich
jo at mein.io
Mon Jan 2 10:35:33 PST 2023
Hi,
> More generally, and regard to the earlier suggestion, I would still suggest
> splitting the http vs https cookie names in any ongoing luci rework in order
> to avoid this situation.
this also has been implemented already, see
https://github.com/openwrt/luci/commit/08fb38399f5b297be7d460703b70d3b893139f9f
Regards,
Jo
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <http://lists.openwrt.org/pipermail/openwrt-devel/attachments/20230102/852637b4/attachment.sig>
More information about the openwrt-devel
mailing list