https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=33259
Martin Renvoize changed:
What|Removed |Added
CC|martin.renvoize@ptfs-europe |
|.com
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=33259
Matthias Le Gac changed:
What|Removed |Added
CC|matthias.le-...@inlibro.com |
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=33259
--- Comment #57 from David Cook ---
I hate to say it now, but I think we should change tack, and just focus on the
SameSiteSessionCookie being for the CGISESSID cookie and only for authenticated
contexts. (Focusing only on the CGISES
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=33259
--- Comment #56 from David Cook ---
Oh good. Chrome and Firefox appear to work differently.
In Chrome, if you login to Keycloak first, and then do that
Koha->Keycloak->Koha redirect you're fine.
In Firefox, if you login to Keycloa
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=33259
--- Comment #55 from David Cook ---
(In reply to David Cook from comment #54)
> Interestingly, when Keycloak POSTs a 302 to Koha it doesn't work, but there
> is a scenario with Keycloak where a Strict cookie is still sent after a
> r
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=33259
David Cook changed:
What|Removed |Added
Status|In Discussion |Failed QA
--- Comment #54 from
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=33259
David Cook changed:
What|Removed |Added
Status|Passed QA |In Discussion
--- Comment #53
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=33259
David Cook changed:
What|Removed |Added
Attachment #162186|0 |1
is obsolete|
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=33259
David Cook changed:
What|Removed |Added
Attachment #162185|0 |1
is obsolete|
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=33259
David Cook changed:
What|Removed |Added
Attachment #162184|0 |1
is obsolete|
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=33259
David Cook changed:
What|Removed |Added
Attachment #162183|0 |1
is obsolete|
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=33259
David Cook changed:
What|Removed |Added
Attachment #162182|0 |1
is obsolete|
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=33259
David Cook changed:
What|Removed |Added
Attachment #162181|0 |1
is obsolete|
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=33259
--- Comment #46 from David Cook ---
Technically, a lot of this was probably overkill. The key cookie that needed
Strict is the CGISESSID cookie, because that's where there's security
implications.
However, it doesn't hurt doing it
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=33259
--- Comment #45 from David Cook ---
Rebasing this one as opac/sco-sco-main.pl wasn't applying anymore.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=33259
--- Comment #44 from David Cook ---
Comment on attachment 162186
--> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=162186
Bug 33259: (QA follow-up) Default 'Strict' for new installs
Review of attachment 162186:
-->
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=33259
--- Comment #43 from David Cook ---
(In reply to Martin Renvoize from comment #41)
> No regressions found, this is a real improvement.
>
> My one slight query though is the default, I'd be tempted to set it to
> Strict on new instal
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=33259
--- Comment #42 from Martin Renvoize ---
Created attachment 162186
-->
https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=162186&action=edit
Bug 33259: (QA follow-up) Default 'Strict' for new installs
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=33259
Martin Renvoize changed:
What|Removed |Added
Status|Signed Off |Passed QA
--- Comment #41
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=33259
Martin Renvoize changed:
What|Removed |Added
Attachment #160791|0 |1
is obsolete|
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=33259
Martin Renvoize changed:
What|Removed |Added
Attachment #160790|0 |1
is obsolete|
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=33259
Martin Renvoize changed:
What|Removed |Added
Attachment #160789|0 |1
is obsolete|
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=33259
Martin Renvoize changed:
What|Removed |Added
Attachment #160788|0 |1
is obsolete|
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=33259
Martin Renvoize changed:
What|Removed |Added
Attachment #160787|0 |1
is obsolete|
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=33259
Martin Renvoize changed:
What|Removed |Added
QA Contact|testo...@bugs.koha-communit |martin.renvoize@ptfs-europ
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=33259
Martin Renvoize changed:
What|Removed |Added
CC||martin.renvoize@ptfs-europ
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=33259
--- Comment #35 from Lucas Gass ---
(In reply to Aleisha Amohia from comment #34)
> Oops Lucas and I were working on this at the same time. I'll obsolete what I
> did and put his back.
Aleisha, I'm sorry. Since my bug caused the mer
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=33259
Aleisha Amohia changed:
What|Removed |Added
Attachment #160788|1 |0
is obsolete|
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=33259
Aleisha Amohia changed:
What|Removed |Added
Attachment #160787|1 |0
is obsolete|
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=33259
Aleisha Amohia changed:
What|Removed |Added
Attachment #160793|0 |1
is obsolete|
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=33259
Aleisha Amohia changed:
What|Removed |Added
Attachment #160792|0 |1
is obsolete|
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=33259
--- Comment #34 from Aleisha Amohia ---
Oops Lucas and I were working on this at the same time. I'll obsolete what I
did and put his back.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=33259
Aleisha Amohia changed:
What|Removed |Added
Attachment #160788|0 |1
is obsolete|
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=33259
Aleisha Amohia changed:
What|Removed |Added
Attachment #160787|0 |1
is obsolete|
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=33259
--- Comment #31 from Lucas Gass ---
Created attachment 160791
-->
https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=160791&action=edit
Bug 33259: (follow-up) perltidy
Signed-off-by: Lucas Gass
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=33259
Lucas Gass changed:
What|Removed |Added
Attachment #154145|0 |1
is obsolete|
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=33259
Lucas Gass changed:
What|Removed |Added
Attachment #154144|0 |1
is obsolete|
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=33259
Lucas Gass changed:
What|Removed |Added
Attachment #154143|0 |1
is obsolete|
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=33259
Lucas Gass changed:
What|Removed |Added
Attachment #154142|0 |1
is obsolete|
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=33259
Lucas Gass changed:
What|Removed |Added
Attachment #160786|0 |1
is obsolete|
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=33259
--- Comment #26 from Lucas Gass ---
Created attachment 160786
-->
https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=160786&action=edit
Bug 33259: (follow-up) perltidy
Signed-off-by: Lucas Gass
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=33259
Lucas Gass changed:
What|Removed |Added
Status|Patch doesn't apply |Signed Off
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=33259
--- Comment #25 from Lucas Gass ---
(In reply to Matthias Le Gac from comment #24)
> Maybe need a rebase I can't apply the patch.
Merge conflicts due to Bug 35651.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=33259
Matthias Le Gac changed:
What|Removed |Added
CC||matthias.le-...@inlibro.co
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=33259
--- Comment #23 from David Cook ---
Another thing about "None" is that I think it can only be set with the Secure
attribute set as well.
Not sure what happens when you try to send a cookie with "None" that isn't
secure... I imagine
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=33259
--- Comment #22 from Alex Buckley ---
(In reply to David Cook from comment #21)
> It might be worth adding that "None" has security implications and is not
> recommended?
>
> Overall, I think only "Lax" and "Strict" make sense for
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=33259
--- Comment #21 from David Cook ---
It might be worth adding that "None" has security implications and is not
recommended?
Overall, I think only "Lax" and "Strict" make sense for Koha with "Strict"
being preferable overall, althou
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=33259
--- Comment #20 from Alex Buckley ---
Rebased against master, applies cleanly now
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=33259
--- Comment #19 from Alex Buckley ---
Created attachment 154145
-->
https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=154145&action=edit
Bug 33259: (follow-up) Add HTML filters to Cookies.set
Test plan:
Run QA test tools
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=33259
--- Comment #18 from Alex Buckley ---
Created attachment 154144
-->
https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=154144&action=edit
Bug 33259: (follow-up) Use different speechmarks to prevent errors
To test: Confirm
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=33259
--- Comment #17 from Alex Buckley ---
Created attachment 154143
-->
https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=154143&action=edit
Bug 33259: Optionally set SameSite attribute of session cookie to Strict
Note: The
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=33259
--- Comment #16 from Alex Buckley ---
Created attachment 154142
-->
https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=154142&action=edit
Bug 33259: Add SameSiteSessionCookie system preference
Sponsored-by: Toi Ohomai Ins
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=33259
Alex Buckley changed:
What|Removed |Added
Attachment #150557|0 |1
is obsolete|
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=33259
Alex Buckley changed:
What|Removed |Added
Attachment #150558|0 |1
is obsolete|
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=33259
Alex Buckley changed:
What|Removed |Added
Attachment #150559|0 |1
is obsolete|
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=33259
Alex Buckley changed:
What|Removed |Added
Attachment #150560|0 |1
is obsolete|
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=33259
--- Comment #15 from Alex Buckley ---
(In reply to Lucas Gass from comment #10)
> Alex,
>
> The QA tool complains about quite a few missing filters within Cookies.set.
> I think we can add the html filter in those cases, right?
>
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=33259
--- Comment #14 from Alex Buckley ---
Created attachment 150560
-->
https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=150560&action=edit
Bug 33259: (follow-up) Add HTML filters to Cookies.set
Test plan:
Run QA test tools
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=33259
--- Comment #13 from Alex Buckley ---
Created attachment 150559
-->
https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=150559&action=edit
Bug 33259: (follow-up) Use different speechmarks to prevent errors
To test: Confirm
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=33259
--- Comment #12 from Alex Buckley ---
Created attachment 150558
-->
https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=150558&action=edit
Bug 33259: Optionally set SameSite attribute of session cookie to Strict
Note: The
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=33259
--- Comment #11 from Alex Buckley ---
Created attachment 150557
-->
https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=150557&action=edit
Bug 33259: Add SameSiteSessionCookie system preference
Sponsored-by: Toi Ohomai Ins
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=33259
Alex Buckley changed:
What|Removed |Added
Attachment #148589|0 |1
is obsolete|
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=33259
Alex Buckley changed:
What|Removed |Added
Attachment #148590|0 |1
is obsolete|
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=33259
Alex Buckley changed:
What|Removed |Added
Attachment #150259|0 |1
is obsolete|
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=33259
Lucas Gass changed:
What|Removed |Added
CC||lu...@bywatersolutions.com
---
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=33259
David Cook changed:
What|Removed |Added
CC||dc...@prosentient.com.au
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=33259
--- Comment #9 from Aleisha Amohia ---
Created attachment 150259
-->
https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=150259&action=edit
Bug 33259: (follow-up) Use different speechmarks to prevent errors
To test: Confir
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=33259
Aleisha Amohia changed:
What|Removed |Added
Status|Signed Off |Needs Signoff
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=33259
Sally changed:
What|Removed |Added
CC||sally.healey@cheshireshared
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=33259
ByWater Sandboxes changed:
What|Removed |Added
Attachment #148580|0 |1
is obsolete|
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=33259
ByWater Sandboxes changed:
What|Removed |Added
Attachment #148579|0 |1
is obsolete|
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=33259
Alex Buckley changed:
What|Removed |Added
Status|ASSIGNED|Needs Signoff
--- Comment #5
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=33259
--- Comment #4 from Alex Buckley ---
Created attachment 148580
-->
https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=148580&action=edit
Bug 33259: Optionally set SameSite attribute of session cookie to Strict
Note: The b
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=33259
--- Comment #3 from Alex Buckley ---
Created attachment 148579
-->
https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=148579&action=edit
Bug 33259: Add SameSiteSessionCookie system preference
Sponsored-by: Toi Ohomai Inst
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=33259
Alex Buckley changed:
What|Removed |Added
Attachment #148578|0 |1
is obsolete|
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=33259
Alex Buckley changed:
What|Removed |Added
Attachment #148577|0 |1
is obsolete|
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=33259
--- Comment #2 from Alex Buckley ---
Created attachment 148578
-->
https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=148578&action=edit
Bug 33259: Optionally set SameSite attribute of session cookie to Strict
Note: The b
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=33259
--- Comment #1 from Alex Buckley ---
Created attachment 148577
-->
https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=148577&action=edit
Bug 33259: Add SameSiteSessionCookie system preference
Sponsored-by: Toi Ohomai Inst
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=33259
Aleisha Amohia changed:
What|Removed |Added
Assignee|koha-b...@lists.koha-commun |alexbuck...@catalyst.net.nz