Note: This is a beta release of Red Hat Bugzilla 5.0. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Also email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback here.
Bug 1060788 - [RFE] Cookies should be set to only be sent of https
Summary: [RFE] Cookies should be set to only be sent of https
Keywords:
Status: CLOSED DUPLICATE
Alias: None
Product: Red Hat Satellite 6
Classification: Red Hat
Component: Security
Version: 6.0.3
Hardware: Unspecified
OS: Unspecified
low
medium vote
Target Milestone: Unspecified
Assignee: Katello Bug Bin
QA Contact: Katello QA List
URL: http://projects.theforeman.org/issues...
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2014-02-03 15:52 UTC by Bryan Kearney
Modified: 2016-04-22 16:26 UTC (History)
1 user (show)

Fixed In Version:
Doc Type: Enhancement
Doc Text:
Clone Of:
Environment:
Last Closed: 2015-10-09 13:22:56 UTC


Attachments (Terms of Use)


Links
System ID Priority Status Summary Last Updated
Foreman Issue Tracker 4240 None None None 2016-04-22 16:26:06 UTC

Description Bryan Kearney 2014-02-03 15:52:14 UTC
If the app is running in https mode, then cookies should be configured to only be sent over https.

https://www.owasp.org/index.php/SecureFlag

Comment 1 RHEL Product and Program Management 2014-02-03 16:17:26 UTC
Since this issue was entered in Red Hat Bugzilla, the release flag has been
set to ? to ensure that it is properly evaluated for this release.

Comment 3 Bryan Kearney 2015-08-25 17:23:11 UTC
Upstream bug component is WebUI

Comment 4 Bryan Kearney 2015-08-25 17:36:08 UTC
Upstream bug component is Security

Comment 5 Bryan Kearney 2015-08-25 17:56:18 UTC
Upstream bug component is Provisioning

Comment 6 Bryan Kearney 2015-08-25 17:57:58 UTC
Upstream bug component is Security

Comment 7 Bryan Kearney 2015-10-09 13:22:56 UTC

*** This bug has been marked as a duplicate of bug 1215622 ***


Note You need to log in before you can comment on or make changes to this bug.