Hello,
I’ve tried to configure secure cookies in 2.30 by changing the server-conf.xml with
<New id="scm-webapp" class="org.eclipse.jetty.webapp.WebAppContext">
  <Set name="contextPath">/scm</Set>
  <Set name="war">
    <SystemProperty name="basedir" default="."/>/var/webapp/scm-webapp.war</Set>
  <!-- disable directory listings -->
  <Call name="setInitParameter">
    <Arg>org.eclipse.jetty.servlet.Default.dirAllowed</Arg>
    <Arg>false</Arg>
  </Call>
  <Set name="tempDirectory">
    <SystemProperty name="basedir" default="."/>/work/scm
  </Set>
  <!-- session cookie flags -->
  <Get name="sessionHandler">
    <Get name="sessionManager">
      <Set name="secureCookies">true</Set>
      <Set name="httpOnly">true</Set>
    </Get>
  </Get>
</New>
But the error is NoSuchMethodError.
Tried to edit web.xml also with
<session-config>
  <session-timeout>30</session-timeout>
  <cookie-config>
    <secure>true</secure>
    <http-only>true</http-only>
  </cookie-config>
</session-config>
and the cookie is still insecure.
Can anyone help?
Thanks
Ricardo
Hey Ricardo,
have you checked our reverse proxy documentation?
If not, there is a part about
If XSRF protection is enabled on the SCM-Manager server, the cookie has to be HttpOnly=false and must not be modified.
Maybe this could already help you?
Regards, Eduard
Hi Ricardo,
SCM-Manager uses secure cookies automatically if it is accessed over https:
Do you have https configured (https://scm-manager.org/docs/latest/en/administration/scm-server/#https)?
I am closing this topic as there has been no activity for more than 30 days.
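Added example, not part of the original thread or of SCM-Manager's code: a small Python check that audits Set-Cookie headers for the Secure flag on https responses and for the HttpOnly=false requirement quoted above. The cookie names and header values are constructed, and script_readable is a hypothetical parameter naming the cookies that client-side code has to read.

```python
def parse_set_cookie(header):
    """Split one Set-Cookie value into (cookie name, set of lowercase attribute names)."""
    parts = [p.strip() for p in header.split(";")]
    name = parts[0].split("=", 1)[0].strip()
    attrs = {p.split("=", 1)[0].strip().lower() for p in parts[1:] if p}
    return name, attrs


def audit_cookies(headers, https, script_readable=()):
    """Return a list of findings for the given Set-Cookie header values.

    https           -- True when the response was received over https
    script_readable -- names of cookies that must NOT carry HttpOnly because
                       client-side code reads them (the XSRF case in the thread)
    """
    findings = []
    for header in headers:
        name, attrs = parse_set_cookie(header)
        if https and "secure" not in attrs:
            findings.append(f"{name}: missing Secure on an https response")
        if name in script_readable:
            if "httponly" in attrs:
                findings.append(f"{name}: HttpOnly set, but scripts must read it")
        elif "httponly" not in attrs:
            findings.append(f"{name}: missing HttpOnly")
    return findings


# Constructed sample headers (cookie names are placeholders, not real ones).
AS_SENT_OVER_HTTPS = ["EXAMPLE-TOKEN=abc123; Path=/scm; Secure"]
HTTPONLY_ADDED = ["EXAMPLE-TOKEN=abc123; Path=/scm; Secure; HttpOnly"]
SECURE_MISSING = ["EXAMPLE-TOKEN=abc123; Path=/scm"]

if __name__ == "__main__":
    for label, sample in [("as sent over https", AS_SENT_OVER_HTTPS),
                          ("HttpOnly added", HTTPONLY_ADDED),
                          ("Secure missing", SECURE_MISSING)]:
        result = audit_cookies(sample, https=True,
                               script_readable={"EXAMPLE-TOKEN"})
        print(label, "->", result or "ok")
```

Feed it the Set-Cookie values captured from a real response (for example from the browser's network tab) and list the actual cookie names in script_readable.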