BBlack has uploaded a new change for review.
https://gerrit.wikimedia.org/r/284111
Change subject: secure CP cookie
......................................................................
secure CP cookie
Bug: T119576
Change-Id: Ie6dd296869468d8ca173b8fb9d3fb5de80fbbae8
---
M modules/varnish/templates/vcl/wikimedia-frontend.vcl.erb
1 file changed, 2 insertions(+), 2 deletions(-)
git pull ssh://gerrit.wikimedia.org:29418/operations/puppet
refs/changes/11/284111/1
diff --git a/modules/varnish/templates/vcl/wikimedia-frontend.vcl.erb
b/modules/varnish/templates/vcl/wikimedia-frontend.vcl.erb
index 74a7a46..f0e19e0 100644
--- a/modules/varnish/templates/vcl/wikimedia-frontend.vcl.erb
+++ b/modules/varnish/templates/vcl/wikimedia-frontend.vcl.erb
@@ -340,13 +340,13 @@
// Set CP ('Connection Properties') cookie
if (req.http.X-Connection-Properties ~ "SPDY=3|H2=1") {
if (req.http.X-Orig-Cookie !~ "(^|;\s*)CP=H2" &&
req.http.Cookie !~ "(^|;\s*)CP=H2") {
- header.append(resp.http.Set-Cookie, "CP=H2; Path=/");
+ header.append(resp.http.Set-Cookie, "CP=H2; Path=/;
secure");
}
} else {
// Explicitly unset the cookie if it exists. Support for SPDY
in a browser session can
// flip if a device moves networks and thus behind a proxy.
if (req.http.X-Orig-Cookie ~ "(^|;\s*)CP=H2" || req.http.Cookie
~ "(^|;\s*)CP=H2") {
- header.append(resp.http.Set-Cookie, "CP=H1;
Expires=Thu, 01-Jan-1970 00:00:01 GMT; Path=/");
+ header.append(resp.http.Set-Cookie, "CP=H1;
Expires=Thu, 01-Jan-1970 00:00:01 GMT; Path=/; secure");
}
}
--
To view, visit https://gerrit.wikimedia.org/r/284111
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: newchange
Gerrit-Change-Id: Ie6dd296869468d8ca173b8fb9d3fb5de80fbbae8
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: BBlack <bbl...@wikimedia.org>
_______________________________________________
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
