Public

Project privacy set to public. By default, its content is available to everyone (authenticated or not). Please note that more restrictive permissions might exist on some items.

stable

Clone or download

Read-only

Do not instruct browsers to clear cookies with Clear-Site-Data header on logout

Download Browse

When using the type "cookies" in the Clear-Site-Data header, all the cookies of the origin's eTLD and its subdomains will be affected [0]. For example, if you logout from your Tuleap instance at tuleap.example.com, the cookies of an application located at qa.app.example.com will also be deleted. This behavior is too aggressive to be used by default. This is part of request #12875: Clear all site data on users logout [0] https://w3c.github.io/webappsec-clear-site-data/#clear-cookies Change-Id: I5572bd9f1495ca4e82adca85097fccf7f23c7db9

+1 −1
Thomas Gerbet (tgerbet) 2019-01-30 15:47
Thomas Gerbet (tgerbet) 2019-01-30 15:47
488a43439e9bb566f68e795ce71d121024cf2fc3
d3ed3e4e3cd74aab5ac054c6f95ee25c304fb15f
git #tuleap/stable/488a43439e9bb566f68e795ce71d121024cf2fc3

Modified Files

Side by side diff
Inline diff
Name
M src/common/User/Account/LogoutController.php +1 −1 Go to diff View file