Don't try to set anonymous session cookie on CDN/file domain
11786fb1cc84
Actions

Authored by epriestley <git@epriestley.com> on Jan 24 2014, 21:29.

Description

Don't try to set anonymous session cookie on CDN/file domain

Summary:
Ref T2380. If an install has a CDN domain configured, but does not list it as an alternate domain (which is standard/correct, but not incredibly common, see T2380), we'll currently try to set anonymous cookies on it. These will correctly fail security rules.

Instead, don't try to set these cookies.

I missed this in testing yesterday because I have a file domain, but I also have it configured as an alternate domain, which allows cookies to be set. Generally, domain management is due for some refactoring.

Test Plan: Set file domain but not as an alternate, logged out, nuked file domain cookies, reloaded page. No error after patch.

Reviewers: btrahan, csilvers

Reviewed By: btrahan

CC: aran

Maniphest Tasks: T2380

Differential Revision: https://secure.phabricator.com/D8057

Details

Committed

epriestley <git@epriestley.com>

Jan 24 2014, 21:29

Pushed

aubort

Jan 31 2017, 17:16

Parents

rPH2735229e3319: Modernize README

Branches

Unknown

Tags

Unknown

Event Timeline

epriestley <git@epriestley.com> committed rPH11786fb1cc84: Don't try to set anonymous session cookie on CDN/file domain (authored by epriestley <git@epriestley.com>).Jan 24 2014, 21:29

Changes (2)

				Path
	M			src/aphront/AphrontRequest.php
	M			src/applications/base/controller/PhabricatorController.php

Don't try to set anonymous session cookie on CDN/file domain11786fb1cc84Actions

Description

Details

Event Timeline

Changes (2)

rPH11786fb1cc84

src/aphront/AphrontRequest.php

src/applications/base/controller/PhabricatorController.php

Don't try to set anonymous session cookie on CDN/file domain
11786fb1cc84
Actions