On 12/30/22 15:42, Jo-Philipp Wich wrote:
Hi,
[...]
I renamed the new cookies to "http-sysauth" and "https-sysauth", to work
around this and it seems to do the right thing. But there is still a fault
here.
Already fixed with
https://github.com/jow-/lucihttp/commit/6e68a1065f3ed1889e5fa053b206bd3aa108bd5f
Right, thanks Jow, and everyone involved in OpenWrt. For some reason this was an
update that I had missed in my setup.
More generally, and regard to the earlier suggestion, I would still suggest
splitting the http vs https cookie names in any ongoing luci rework in order to
avoid this situation.
I know that HTTPS on a local system is security theater, but it's where we find
ourselves.
_______________________________________________
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/mailman/listinfo/openwrt-devel
