Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.
What are your thoughts on implementing
$secure = true|false
$httponly = true|false
I propose we can do the following:
- extend the form BasicSettingsForm to provide 2 additional fields
- by default secure can be set to false
- by default httponly can be set to false
- extend the setrawcookie to use config settings.
What are your thoughts? See attched patch!
Comment | File | Size | Author |
---|---|---|---|
#10 | 2925265-1.patch | 4.26 KB | dakku |
Comments
Comment #2
dakku CreditAttribution: dakku as a volunteer commentedComment #3
dakku CreditAttribution: dakku as a volunteer commentedComment #4
dakku CreditAttribution: dakku as a volunteer commentedComment #5
dakku CreditAttribution: dakku as a volunteer commentedComment #6
snufkin CreditAttribution: snufkin at Cheppers for GatherContent commentedI think this would be a very useful addition and improvement to the module. But with making it default on the config retrieval part are we risking breaking legacy sites which do not have https?
Comment #7
dakku CreditAttribution: dakku as a volunteer commentedHey Balazs,
cheers for the feedback. By default, both the options are unchecked. Therefore, legacy sites shouldnt be affected. This will only take effect if the option(s) are set.
Comment #8
snufkin CreditAttribution: snufkin at Cheppers for GatherContent commentedThen thumbs up from me! There are two warnings for missing newlines from dredit, but apart from that I don't see why we shouldn't add this.
Comment #10
dakku CreditAttribution: dakku as a volunteer commentedSlightly updated patch. Cheers for the review Balazs. This is now merged in and available in RC3
Comment #11
dakku CreditAttribution: dakku as a volunteer commented