68c30e1a71
domain Summary: See D758, D759. - Provide a strongly recommended setting which permits configuration of an alternate domain. - Lock cookies down better: set them on the exact domain, and use SSL-only if the configuration is HTTPS. - Prevent Phabriator from setting cookies on other domains. This assumes D759 will land, it is not effective without that change. Test Plan: - Attempted to login from a different domain and was rejected. - Logged out, logged back in normally. - Put install in setup mode and verified it revealed a warning. - Configured an alterate domain. - Tried to view an image with an old URI, got a 400. - Went to /files/ and verified links rendered to the alternate domain. - Viewed an alternate domain file. - Tried to view an alternate domain file without the secret key, got a 404. Reviewers: andrewjcg, erling, aran, tuomaspelkonen, jungejason, codeblock CC: aran Differential Revision: 760
17 lines
365 B
PHP
17 lines
365 B
PHP
<?php
|
|
/**
|
|
* This file is automatically generated. Lint this module to rebuild it.
|
|
* @generated
|
|
*/
|
|
|
|
|
|
|
|
phutil_require_module('phabricator', 'aphront/exception/csrf');
|
|
phutil_require_module('phabricator', 'infrastructure/env');
|
|
|
|
phutil_require_module('phutil', 'parser/uri');
|
|
phutil_require_module('phutil', 'utils');
|
|
|
|
|
|
phutil_require_source('AphrontRequest.php');
|