Don't try to set anonymous session cookie on CDN/file domain

Authored by epriestley <git@epriestley.com> on Jan 24 2014, 21:29.

Description

Summary:
Ref T2380. If an install has a CDN domain configured, but does not list it as an alternate domain (which is standard/correct, but not incredibly common, see T2380), we'll currently try to set anonymous cookies on it. These will correctly fail security rules.

Instead, don't try to set these cookies.

I missed this in testing yesterday because I have a file domain, but I also have it configured as an alternate domain, which allows cookies to be set. Generally, domain management is due for some refactoring.

Test Plan: Set file domain but not as an alternate, logged out, nuked file domain cookies, reloaded page. No error after patch.

Reviewers: btrahan, csilvers

Reviewed By: btrahan

CC: aran

Maniphest Tasks: T2380

Differential Revision: https://secure.phabricator.com/D8057

Details

Committed
epriestley <git@epriestley.com>, Jan 24 2014, 21:29
Pushed
aubort, Jan 31 2017, 17:16
Parents
rPH2735229e3319: Modernize README
Branches
Unknown
Tags
Unknown

Event Timeline

epriestley <git@epriestley.com> committed rPH11786fb1cc84: Don't try to set anonymous session cookie on CDN/file domain (authored by epriestley <git@epriestley.com>). Jan 24 2014, 21:29