second cookie for ajax? #3454

Closed
craigh opened this issue Feb 9, 2017 · 8 comments

craigh commented Feb 9, 2017

refs

Is there a way to make the session cookie HTTP-only and create a second (non-HTTP-only) cookie that could be used by AJAX, thus making the session cookie more secure?
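
One way to realise the split asked about above, as an added example that is not Zikula's code and not part of the original thread: the session cookie is HttpOnly, and a second script-readable cookie carries an HMAC-derived token that AJAX echoes in a request header. The cookie names `SESSID` and `AJAX_TOKEN`, the secret, and all function names are assumptions for illustration.

```php
<?php
declare(strict_types=1);

// Constructed demo secret; a real application loads this from protected configuration.
const SERVER_SECRET = 'constructed-demo-secret';

// Token for the script-readable cookie: an HMAC of the session id, so it never reveals the id.
function ajaxTokenFor(string $sessionId): string
{
    return hash_hmac('sha256', $sessionId, SERVER_SECRET);
}

// Both Set-Cookie header lines for a freshly started session.
function buildCookieHeaders(string $sessionId): array
{
    return [
        // Session cookie: HttpOnly keeps it out of document.cookie.
        "Set-Cookie: SESSID={$sessionId}; Path=/; Secure; HttpOnly; SameSite=Lax",
        // Second cookie: no HttpOnly, so AJAX code can read it and echo it in a header.
        'Set-Cookie: AJAX_TOKEN=' . ajaxTokenFor($sessionId) . '; Path=/; Secure; SameSite=Lax',
    ];
}

// Parse a request's Cookie header into name => value pairs.
function parseCookieHeader(string $header): array
{
    $cookies = [];
    foreach (explode(';', $header) as $pair) {
        $parts = explode('=', trim($pair), 2);
        if (count($parts) === 2 && $parts[0] !== '') {
            $cookies[$parts[0]] = $parts[1];
        }
    }
    return $cookies;
}

// Accept an AJAX request only if the echoed header matches the token for its session.
function isAjaxRequestValid(string $cookieHeader, ?string $tokenHeader): bool
{
    $cookies = parseCookieHeader($cookieHeader);
    if (!isset($cookies['SESSID']) || $tokenHeader === null) {
        return false;
    }
    return hash_equals(ajaxTokenFor($cookies['SESSID']), $tokenHeader);
}

$sid = bin2hex(random_bytes(16)); // constructed session id
echo implode(PHP_EOL, buildCookieHeaders($sid)), PHP_EOL;
$jar = "SESSID={$sid}; AJAX_TOKEN=" . ajaxTokenFor($sid);
var_dump(isAjaxRequestValid($jar, ajaxTokenFor($sid)), isAjaxRequestValid($jar, str_repeat('0', 64)));
```

A script that reads `AJAX_TOKEN` learns only the HMAC, which cannot be turned back into the session id without the server secret.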

@craigh craigh added this to the 2.0.0-beta1 milestone Feb 9, 2017

craigh commented Mar 31, 2017

This is related to #3206 and #3505

@craigh craigh removed the UI/UX label Apr 2, 2017
@craigh craigh modified the milestones: 2.0.0-beta1, 2.0.0 Apr 3, 2017
craigh added a commit that referenced this issue Apr 6, 2017
* allow sessions to file. fixes #2001, #2186 and refs #3454

* ci and changelog

* hacky fix to disable csrf_protection when using cli

* update matthiasnoback/symfony-console-form to v2

* remove hack for csrf_protection

* correct mistake

* correct docs

Guite commented Apr 8, 2017

@craigh as this is a FR: move to 1.5.0 or 2.1.0?

@craigh craigh modified the milestones: 1.5.0, 2.0.0 Apr 8, 2017

craigh commented May 13, 2017


craigh commented May 14, 2017

Files involved:

  • ThemeModule/EventListener/DefaultPageAssetSetterListener.php
  • ThemeModule/EventListener/AddJSConfigListener.php
  • ThemeModule/Resources/views/Engine/JSConfig.html.twig
  • Bundle/CoreBundle/Resources/public/js/jquery_config.js

@Guite Guite modified the milestones: 1.5.0, 2.1.0 Jun 19, 2017

Guite commented Jun 19, 2017

@craigh if you think this is important, please move back to 1.5.


craigh commented Jul 14, 2017

refs \Zikula\Bundle\HookBundle\Controller\HookController::checkAjaxToken

craigh added a commit that referenced this issue Jul 14, 2017
craigh added a commit that referenced this issue Jul 14, 2017
* #3644

* #3644

* Use SchemaValidationHelper to accomplish all validation for an extension

* #3646

* convert todo to simple note

* remove todo

* #3647

* remove deprecated plugin type

* remove todo

* remove todo

* refs #3530

* #3648

* #3648

* don't restrict filenames in doc controller

* #3454

* rem todo

* inject translator

* restrict doc controller arg @Guite

* #3649

* send specific message about group membership

* send specific message about group membership

* ci

* translate validation error

* remove todo

* #3650

* #3651

* #3644

* #3652, #2915

* #2915

* #2842

* rem todo

* #2842

* #3653

* revert mistaken change

Guite commented Mar 28, 2018


Guite commented Mar 29, 2018

Fixed by #3895

Other related tasks are covered by #3206 and #3505

@Guite Guite closed this as completed Mar 29, 2018
@Guite Guite removed this from the 2.1.0 milestone Mar 29, 2018
@Guite Guite added this to the 1.5.6 milestone Mar 29, 2018