Hi Florian,
Yes it could be seen that way, as we discussed with Emmanuel during the
Paris BSP today, but in fact it's even better, I checked and there is no
problem with Tomcat as the Secure flag as it already automatically set
with the default configuration:
- if Tomcat is accessed through
* Yann Rouillard:
Yes it could be seen that way, as we discussed with Emmanuel during the
Paris BSP today, but in fact it's even better, I checked and there is no
problem with Tomcat as the Secure flag as it already automatically set
with the default configuration:
- if Tomcat is
Can you check that it's possible to force the secure flag with an HTTP
connector? Some load-balancer-based setups need this (although direct
HTTP connections from a browser will not work, obviously).
I can confirm you that is possible, you just have to add
'secure=true' in the HTTP connector
There is already an upstream bug for this problem located at this url:
https://issues.jenkins-ci.org/browse/JENKINS-25019
with a proposed fix that only adresses the HttpOnly issue for Tomcat.
Why isn't the missing “secure” flag a Tomcat configuration issue?
__
This is the maintainer address
4 matches
Mail list logo
