From 505bb79a78203da87cde5f9f3b31c579f3bcfac1 Mon Sep 17 00:00:00 2001
From: Florent Daigniere
Date: Mon, 14 Nov 2022 15:03:57 +0100
Subject: [PATCH] Don't set the secure Cookie flag if TLS_FLAVOR=notls

---
 core/admin/mailu/sso/views/base.py | 2 +-
 core/admin/mailu/utils.py | 2 +-
 core/admin/run_dev.sh | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/core/admin/mailu/sso/views/base.py b/core/admin/mailu/sso/views/base.py
index 6fa9403f..a4218ac6 100644
--- a/core/admin/mailu/sso/views/base.py
+++ b/core/admin/mailu/sso/views/base.py
@@ -39,7 +39,7 @@ def login():
 flask.session.regenerate()
 flask_login.login_user(user)
 response = flask.redirect(destination)
- response.set_cookie('rate_limit', utils.limiter.device_cookie(username), max_age=31536000, path=flask.url_for('sso.login'), secure=app.config['SESSION_COOKIE_SECURE'], httponly=True)
+ response.set_cookie('rate_limit', utils.limiter.device_cookie(username), max_age=31536000, path=flask.url_for('sso.login'), secure=False if app.config['TLS_FLAVOR'] == 'notls' else app.config['SESSION_COOKIE_SECURE'], httponly=True)
 flask.current_app.logger.info(f'Login succeeded for {username} from {client_ip} pwned={form.pwned.data}.')
 if msg := utils.isBadOrPwned(form):
 flask.flash(msg, "error")
diff --git a/core/admin/mailu/utils.py b/core/admin/mailu/utils.py
index f160fe3f..a330a7d6 100644
--- a/core/admin/mailu/utils.py
+++ b/core/admin/mailu/utils.py
@@ -408,7 +408,7 @@ class MailuSessionInterface(SessionInterface):
 httponly=self.get_cookie_httponly(app),
 domain=self.get_cookie_domain(app),
 path=self.get_cookie_path(app),
- secure=self.get_cookie_secure(app),
+ secure=False if app.config['TLS_FLAVOR'] == 'notls' else self.get_cookie_secure(app),
 samesite=self.get_cookie_samesite(app)
 )
diff --git a/core/admin/run_dev.sh b/core/admin/run_dev.sh
index 4ab76e74..65841f2c 100755
--- a/core/admin/run_dev.sh
+++ b/core/admin/run_dev.sh
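Review bot: The new `secure=` expression on the added `set_cookie` line drops the Secure flag for every `notls` deployment, including one where a reverse proxy terminates TLS in front of Mailu and the browser really speaks HTTPS; in that setup an operator's explicit `SESSION_COOKIE_SECURE` is silently overridden and the year-long `rate_limit` cookie becomes sendable over plain http:// to the same host. Deciding from the request rather than the static flavour keeps the flag wherever it is valid, e.g. `secure=app.config['SESSION_COOKIE_SECURE'] and flask.request.is_secure`, which is only correct behind a proxy if `X-Forwarded-Proto` is honoured (ProxyFix or similar) — not visible in this hunk. If `TLS_FLAVOR` must remain the switch, a comment such as `# TLS_FLAVOR=notls is taken to mean plain HTTP end-to-end; a Secure cookie would never come back` would tell the next reader why the config value is ignored, and it would also be worth confirming that `app.config['TLS_FLAVOR']` is guaranteed present rather than raising KeyError on a minimal config. `login()` starts before and ends after this hunk.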
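Review bot: The same `False if app.config['TLS_FLAVOR'] == 'notls' else …` policy is now inlined at a second call site, so the rule lives in two places and any further cookie that still reads `SESSION_COOKIE_SECURE` through Flask (a remember-me cookie, for instance, if one is enabled — not visible here) keeps the old behaviour. Resolving it once where the configuration is built, e.g. `if config['TLS_FLAVOR'] == 'notls': config['SESSION_COOKIE_SECURE'] = False`, would let this line stay `secure=self.get_cookie_secure(app)` and keep every consumer consistent, which matters for a session cookie more than for anything else. Either way the intent is not obvious from the expression; a comment like `# plain-HTTP deployment: browsers never return a Secure cookie, so the session would be lost` on the added line would help. The enclosing method starts before this hunk.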
@@ -68,12 +68,12 @@ ENV \
 FLASK_ENV="development" \
 MEMORY_SESSIONS="true" \
 RATELIMIT_STORAGE_URL="memory://" \
- SESSION_COOKIE_SECURE="false" \
 \
 DEBUG="true" \
 DEBUG_PROFILER="${DEV_PROFILER}" \
 DEBUG_ASSETS="/app/static" \
 DEBUG_TB_ENABLED="true" \
+ DEBUG_TB_INTERCEPT_REDIRECTS=False \
 \
 IMAP_ADDRESS="127.0.0.1" \
 POP3_ADDRESS="127.0.0.1" \
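Review bot: Removing `SESSION_COOKIE_SECURE="false"` makes the dev container depend on `TLS_FLAVOR` resolving to `notls`, but nothing in this ENV block sets it; if the default comes from the application's config defaults that is fine, otherwise the dev login would now emit Secure cookies over plain HTTP that the browser never returns, and the breakage would look like a silent login loop. Adding `TLS_FLAVOR="notls" \` here, or at least a comment `# cookies stay non-Secure because TLS_FLAVOR defaults to notls`, makes the dependency explicit. The new `DEBUG_TB_INTERCEPT_REDIRECTS=False` is unquoted and capitalised unlike every neighbouring value (`"true"`) and is unrelated to the commit subject; `DEBUG_TB_INTERCEPT_REDIRECTS="false"` would match the file's style, assuming the consumer parses the value case-insensitively, which I cannot confirm from this hunk.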