• Robert K's avatar
    Check application.ssl when setting a secure cookie · 785e168f
    Robert K authored
    Most SLL-related code in Laravel checks to see if `application.ssl`
    is true before doing an action requiring it. `Cookie::put()` is the
    only exception that I've found, to date, that doesn't test for SSL.
    
    This checks to see that the SSL is enabled when attempting to set a
    secure cookie.
    
    To verify, set `application.ssl` to false (without this patch) then
    run:
    
    	Cookie::put('foo', 'bar', 0, '/', null, true);
    
    You will get an exception because of line 90 in `cookie.php`:
    
    		if ($secure and ! Request::secure())
    		{
    			throw new \Exception("Attempting to set secure cookie over HTTP.");
    		}
    
    With this patch you will not get this error unless both `application.ssl`
    is true, and the cookie `$secure` flag is set.
    785e168f
cookie.php 4.11 KB