From 86793653b3f317e33958c065a862efe4f05070c6 Mon Sep 17 00:00:00 2001
From: Tony Murray <murraytony@gmail.com>
Date: Thu, 5 Oct 2023 22:18:49 -0500
Subject: [PATCH] Validate secure cookies (#15401)

* Validate secure session cookies if HTTPS
When HTTPS is available, secure session cookies should be enabled
SESSION_SECURE_COOKIE=true

* Apply fixes from StyleCI

* Note config:cache

---------

Co-authored-by: StyleCI Bot <bot@styleci.io>
---
 LibreNMS/Validations/WebServer.php | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/LibreNMS/Validations/WebServer.php b/LibreNMS/Validations/WebServer.php
index 96519d21fc..180c1dceee 100644
--- a/LibreNMS/Validations/WebServer.php
+++ b/LibreNMS/Validations/WebServer.php
@@ -62,6 +62,10 @@ class WebServer extends BaseValidation
                     $validator->fail('base_url is not set correctly', "lnms config:set base_url $correct_base");
                 }
             }
+
+            if (request()->secure() && ! \config('session.secure')) {
+                $validator->fail('Secure session cookies are not enabled', 'Set SESSION_SECURE_COOKIE=true and run lnms config:cache');
+            }
         }
     }