BBlack has uploaded a new change for review. https://gerrit.wikimedia.org/r/284111
Change subject: secure CP cookie ...................................................................... secure CP cookie Bug: T119576 Change-Id: Ie6dd296869468d8ca173b8fb9d3fb5de80fbbae8 --- M modules/varnish/templates/vcl/wikimedia-frontend.vcl.erb 1 file changed, 2 insertions(+), 2 deletions(-) git pull ssh://gerrit.wikimedia.org:29418/operations/puppet refs/changes/11/284111/1 diff --git a/modules/varnish/templates/vcl/wikimedia-frontend.vcl.erb b/modules/varnish/templates/vcl/wikimedia-frontend.vcl.erb index 74a7a46..f0e19e0 100644 --- a/modules/varnish/templates/vcl/wikimedia-frontend.vcl.erb +++ b/modules/varnish/templates/vcl/wikimedia-frontend.vcl.erb @@ -340,13 +340,13 @@ // Set CP ('Connection Properties') cookie if (req.http.X-Connection-Properties ~ "SPDY=3|H2=1") { if (req.http.X-Orig-Cookie !~ "(^|;\s*)CP=H2" && req.http.Cookie !~ "(^|;\s*)CP=H2") { - header.append(resp.http.Set-Cookie, "CP=H2; Path=/"); + header.append(resp.http.Set-Cookie, "CP=H2; Path=/; secure"); } } else { // Explicitly unset the cookie if it exists. Support for SPDY in a browser session can // flip if a device moves networks and thus behind a proxy. if (req.http.X-Orig-Cookie ~ "(^|;\s*)CP=H2" || req.http.Cookie ~ "(^|;\s*)CP=H2") { - header.append(resp.http.Set-Cookie, "CP=H1; Expires=Thu, 01-Jan-1970 00:00:01 GMT; Path=/"); + header.append(resp.http.Set-Cookie, "CP=H1; Expires=Thu, 01-Jan-1970 00:00:01 GMT; Path=/; secure"); } } -- To view, visit https://gerrit.wikimedia.org/r/284111 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: newchange Gerrit-Change-Id: Ie6dd296869468d8ca173b8fb9d3fb5de80fbbae8 Gerrit-PatchSet: 1 Gerrit-Project: operations/puppet Gerrit-Branch: production Gerrit-Owner: BBlack <bbl...@wikimedia.org> _______________________________________________ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits