Fix: Clean header an non https redirect to avoid to have cookie session

ID in non https answers.
Laurent Destailleur 2020-03-22 02:16:33 +01:00
parent ba8ece525d
commit a0dfbaaea8


@ -257,7 +257,7 @@ if (isset($_SERVER["HTTP_USER_AGENT"]))
}
// Force HTTPS if required ($conf->file->main_force_https is 0/1 or https dolibarr root url)
// Force HTTPS if required ($conf->file->main_force_https is 0/1 or 'https dolibarr root url')
// $_SERVER["HTTPS"] is 'on' when link is https, otherwise $_SERVER["HTTPS"] is empty or 'off'
if (!empty($conf->file->main_force_https) && (empty($_SERVER["HTTPS"]) || $_SERVER["HTTPS"] != 'on'))
{
@ -284,6 +284,7 @@ if (!empty($conf->file->main_force_https) && (empty($_SERVER["HTTPS"]) || $_SERV
// Start redirect
if ($newurl)
{
header_remove(); // Clean header already set to be sure to remove any header like "Set-Cookie: DOLSESSID_..." from non HTTPS answers
dol_syslog("main.inc: dolibarr_main_force_https is on, we make a redirect to ".$newurl);
header("Location: ".$newurl);
exit;
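Review bot: The `header_remove()` call added before the `Location` header only strips `Set-Cookie` from this one plaintext response. It does not stop a browser that already holds a `DOLSESSID_...` cookie from sending it on a later http request, and any session presumably started earlier in the file (not visible in this hunk) still exists server-side. The complementary control is the cookie's Secure attribute, so it is worth confirming that the session cookie is issued with it whenever `main_force_https` is enabled, and recording that next to the call: `// Only strips headers from this response; the session cookie must also carry the Secure flag so it is never sent over http`. Calling `header_remove()` without a name also discards every other header queued so far, which looks intended here but should be stated in the comment. The `if ($newurl)` block is closed outside the hunk.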