Add admin setting to control the httpOnly attribute

Kijin Sung 2023-07-22 20:17:23 +09:00
parent 56b37b7cbc
commit a2932ee8c8
6 changed files with 36 additions and 19 deletions


@ -32,6 +32,7 @@ class Security extends Base
Context::set('remote_addr', RX_CLIENT_IP);
// Session and cookie security settings
Context::set('use_httponly', Config::get('session.httponly'));
Context::set('use_samesite', Config::get('session.samesite'));
Context::set('use_session_ssl', Config::get('session.use_ssl'));
Context::set('use_cookies_ssl', Config::get('session.use_ssl_cookies'));
@ -126,6 +127,7 @@ class Security extends Base
Config::set('admin.allow', array_values($allowed_ip));
Config::set('admin.deny', array_values($denied_ip));
Config::set('session.httponly', $vars->use_httponly === 'Y');
Config::set('session.samesite', $vars->use_samesite);
Config::set('session.use_ssl', $vars->use_session_ssl === 'Y');
Config::set('session.use_ssl_cookies', $vars->use_cookies_ssl === 'Y');
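Review bot: In the first hunk, `Config::get('session.httponly')` is handed to the form as-is, and installs upgraded from before this commit presumably have no `session.httponly` key, so the value may be null rather than true. Unless a default is defined in one of the changed files not visible here, the form would show the option as off, and the next save in the second hunk (`$vars->use_httponly === 'Y'`) would persist false, dropping HttpOnly from the session cookies and leaving them readable by script after any XSS. I would default on read, `Context::set('use_httponly', Config::get('session.httponly') ?? true);`, and add a comment above the `Config::set` line such as `// Keep HttpOnly on unless a legacy client-side script must read the session cookie`. Both hunks sit inside methods that start and end outside the visible lines.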