Validate secure cookies (#15401)

* Validate secure session cookies if HTTPS When HTTPS is available, secure session cookies should be enabled SESSION_SECURE_COOKIE=true * Apply fixes from StyleCI * Note config:cache --------- Co-authored-by: StyleCI Bot <bot@styleci.io>
2024-10-07 16:52:45 +00:00 · 2023-10-05 22:18:49 -05:00
parent cc98089af1
commit 86793653b3
1 changed files with 4 additions and 0 deletions
--- a/LibreNMS/Validations/WebServer.php
+++ b/LibreNMS/Validations/WebServer.php
@@ -62,6 +62,10 @@ class WebServer extends BaseValidation
                    $validator->fail('base_url is not set correctly', "lnms config:set base_url $correct_base");
                }
            }
+
+            if (request()->secure() && ! \config('session.secure')) {
+                $validator->fail('Secure session cookies are not enabled', 'Set SESSION_SECURE_COOKIE=true and run lnms config:cache');
+            }
        }
    }