[FEATURE] Enable secure cookies by default
The option $TYPO3_CONF_VARS[SYS][cookieSecure] is removed in favor of always setting a secure cookie on HTTPS requests. This leads to errors when a page would be available in HTTP and HTTPS which is normally not the case when using a full site base in Site Handling anymore, and making TYPO3 more secure out-of-the-box. Resolves: #87301 Releases: master Change-Id: Iba90c19456af6a82feb9c53fea52228fbff516be Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/65695 Tested-by:TYPO3com <noreply@typo3.com> Tested-by:
Frank Nägler <frank.naegler@typo3.org> Tested-by:
Oliver Bartsch <bo@cedev.de> Tested-by:
Benni Mack <benni@typo3.org> Reviewed-by:
Jörg Bösche <typo3@joergboesche.de> Reviewed-by:
Showing
- typo3/sysext/backend/Classes/Controller/LoginController.php 1 addition, 3 deletionstypo3/sysext/backend/Classes/Controller/LoginController.php
- typo3/sysext/core/Classes/Authentication/AbstractUserAuthentication.php 15 additions, 23 deletions...ore/Classes/Authentication/AbstractUserAuthentication.php
- typo3/sysext/core/Configuration/DefaultConfiguration.php 0 additions, 1 deletiontypo3/sysext/core/Configuration/DefaultConfiguration.php
- typo3/sysext/core/Configuration/DefaultConfigurationDescription.yaml 0 additions, 7 deletions...t/core/Configuration/DefaultConfigurationDescription.yaml
- typo3/sysext/core/Documentation/Changelog/master/Feature-87301-SecureCookiesEnabledByDefault.rst 33 additions, 0 deletions...og/master/Feature-87301-SecureCookiesEnabledByDefault.rst
- typo3/sysext/install/Classes/Service/SilentConfigurationUpgradeService.php 2 additions, 0 deletions...all/Classes/Service/SilentConfigurationUpgradeService.php
- typo3/sysext/workspaces/Classes/Middleware/WorkspacePreview.php 3 additions, 3 deletions...sysext/workspaces/Classes/Middleware/WorkspacePreview.php
Please register or sign in to comment