Secure cookie handling upon https to http downgrade

Jo-Philipp Wich jo at mein.io
Mon Jan 2 10:35:33 PST 2023


Hi,

> More generally, and regard to the earlier suggestion, I would still suggest
> splitting the http vs https cookie names in any ongoing luci rework in order
> to avoid this situation.

this also has been implemented already, see
https://github.com/openwrt/luci/commit/08fb38399f5b297be7d460703b70d3b893139f9f

Regards,
Jo

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <http://lists.openwrt.org/pipermail/openwrt-devel/attachments/20230102/852637b4/attachment.sig>


More information about the openwrt-devel mailing list