Nemcio/GitBucket
1
0
Fork 0
mirror of https://github.com/gitbucket/gitbucket.git synced 2025-11-11 16:05:49 +01:00
Code Issues Packages Projects Releases Wiki Activity

(refs #1291)Add secure attribute to JSESSIONID cookie when baseUrl starts with "https://"

Browse Source
This commit is contained in:
Naoki Takezoe
2016-09-12 15:06:59 +09:00
parent db679967af
commit 7a282fb67e
1 changed files with 9 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
src/main/scala/ScalatraBootstrap.scala
View File

@@ -1,17 +1,23 @@
import gitbucket.core.controller._ import gitbucket.core.controller._
import gitbucket.core.plugin.PluginRegistry import gitbucket.core.plugin.PluginRegistry
import gitbucket.core.servlet.{ApiAuthenticationFilter, GitAuthenticationFilter, Database, TransactionFilter} import gitbucket.core.servlet.{ApiAuthenticationFilter, Database, GitAuthenticationFilter, TransactionFilter}
import gitbucket.core.util.Directory import gitbucket.core.util.Directory
import java.util.EnumSet import java.util.EnumSet
import javax.servlet._ import javax.servlet._
import gitbucket.core.service.SystemSettingsService
import org.scalatra._ import org.scalatra._
class ScalatraBootstrap extends LifeCycle { class ScalatraBootstrap extends LifeCycle with SystemSettingsService {
override def init(context: ServletContext) { override def init(context: ServletContext) {
val settings = loadSystemSettings()
if(settings.baseUrl.exists(_.startsWith("https://"))) {
context.getSessionCookieConfig.setSecure(true)
}
// Register TransactionFilter and BasicAuthenticationFilter at first // Register TransactionFilter and BasicAuthenticationFilter at first
context.addFilter("transactionFilter", new TransactionFilter) context.addFilter("transactionFilter", new TransactionFilter)
context.getFilterRegistration("transactionFilter").addMappingForUrlPatterns(EnumSet.allOf(classOf[DispatcherType]), true, "/*") context.getFilterRegistration("transactionFilter").addMappingForUrlPatterns(EnumSet.allOf(classOf[DispatcherType]), true, "/*")