Secure cookie handling upon https to http downgrade

Jo-Philipp Wich jo at mein.io
Fri Dec 30 12:42:37 PST 2022


Hi,

> [...]
> I renamed the new cookies to "http-sysauth" and "https-sysauth", to work
> around this and it seems to do the right thing.  But there is still a fault here.

Already fixed with
https://github.com/jow-/lucihttp/commit/6e68a1065f3ed1889e5fa053b206bd3aa108bd5f

~ Jow

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <http://lists.openwrt.org/pipermail/openwrt-devel/attachments/20221230/033f8738/attachment.sig>


More information about the openwrt-devel mailing list