Public

Project privacy set to public. By default, its content is available to everyone (authenticated or not). Please note that more restrictive permissions might exist on some items.

stable

Clone or download

Read-only

request #14967: Do not set "io" cookie when starting a communication with the realtime server

Download Browse

This cookie sets by the realtime does not any secure or same-site attribute. Modern browsers complains (rightfully) about it. This cookie is only used for sticky session which we do not need. This contribution tells to socket.io to not set it. The change can be easily tested with curl, the response to beginning the discussion with the RT server should not contain a Set-Cookie header: > curl -v https://rt.example.com/socket.io/?transport=polling -o /dev/null Change-Id: I326bf702c37977073079f48596403728abbc0d5c

+1 −1
Thomas Gerbet (tgerbet) 2020-06-09 17:22
Thomas Gerbet (tgerbet) 2020-06-09 17:22
0413bab34e5e8a73f7b46f94e5423fe02d919d53
538bc78240f90f5d88cc0c782dd74346ee83edb9
git #tuleap/stable/0413bab34e5e8a73f7b46f94e5423fe02d919d53

Modified Files

Side by side diff
Inline diff
Name
M server.js +1 −1 Go to diff View file