Headline
CVE-2023-41908: chg: [config] Force usage of secure cookie for session and csrf prote… · cerebrate-project/cerebrate@9be8105
Cerebrate before 1.15 lacks the Secure attribute for the session cookie.
Skip to content
Actions
Automate any workflow
Packages
Host and manage packages
Security
Find and fix vulnerabilities
Codespaces
Instant dev environments
Copilot
Write better code with AI
Code review
Manage code changes
Issues
Plan and track work
Discussions
Collaborate outside of code
GitHub Sponsors
Fund open source developers
* The ReadME Project
GitHub community articles
- Pricing
Search code, repositories, users, issues, pull requests…
Provide feedback
Saved searches****Use saved searches to filter your results more quickly
Sign up
Notifications
Fork 14
Code
Issues 66
Pull requests 3
Actions
Projects 3
Wiki
Security
Insights
Commit
Permalink
Browse files
Browse the repository at this point in the history
chg: [config] Force usage of secure cookie for session and csrf prote…
- Loading branch information
Showing 2 changed files with 9 additions and 0 deletions.
- bootstrap.php
- routes.php
8 changes: 8 additions & 0 deletions config/bootstrap.php
Expand Up
@@ -173,6 +173,14 @@
Log::setConfig(Configure::consume(‘Log’));
Security::setSalt(Configure::consume(‘Security.salt’));
Configure::write('Session’, [
‘defaults’ => 'php’,
‘ini’ => [
‘session.cookie_httponly’ => true,
‘session.cookie_secure’ => true,
]
]);
/*
* Setup detectors for mobile and tablet.
*/
Expand Down
1 change: 1 addition & 0 deletions config/routes.php
Expand Up
@@ -49,6 +49,7 @@
// Register scoped middleware for in scopes.
$builder->registerMiddleware('csrf’, new CsrfProtectionMiddleware([
‘httponly’ => true,
‘secure’ => true,
]));
/*
* Apply a middleware to the current route scope.
Expand Down
0 comments on commit 9be8105
Please sign in to comment.