ivo/ponzi
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge pull request #1850 from rk/patch-1

Browse Source 
Check application.ssl when setting a secure cookie
This commit is contained in:
Taylor Otwell
2013-04-06 18:27:53 -07:00
parent 9c9b6eed10 785e168f5e
commit 936160f907
1 changed files with 4 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
laravel/cookie.php
View File

@@ -82,6 +82,10 @@ class Cookie {
$value = static::hash($value).'+'.$value; $value = static::hash($value).'+'.$value;
// If the developer has explicitly disabled SLL, then we shouldn't force
// this cookie over SSL.
$secure = $secure && Config::get('application.ssl');
// If the secure option is set to true, yet the request is not over HTTPS // If the secure option is set to true, yet the request is not over HTTPS
// we'll throw an exception to let the developer know that they are // we'll throw an exception to let the developer know that they are
// attempting to send a secure cookie over the insecure HTTP. // attempting to send a secure cookie over the insecure HTTP.