CookieTempDataProvider hard codes cookie to be secure-only, thus requiring HTTPS to function #5511

DamianEdwards · 2016-11-08T05:43:55Z

https://github.com/aspnet/Mvc/blob/dev/src/Microsoft.AspNetCore.Mvc.ViewFeatures/ViewFeatures/CookieTempDataProvider.cs#L69

The cookie should only be marked secure if the incoming request is itself HTTPS. As it stands, this feature cannot be used unless the site is protected with HTTPS.

kichalla · 2016-11-08T21:41:45Z

07a2f1d

Eilon assigned kichalla Nov 8, 2016

Eilon added this to the 1.1.0 milestone Nov 8, 2016

Eilon added bug 1 - Ready labels Nov 8, 2016

kichalla mentioned this issue Nov 8, 2016

Fixes CookieTempDataProvider to set the secure attribute of a cookie … #5518

Closed

kichalla added 2 - Working 3 - Done and removed 1 - Ready 2 - Working labels Nov 8, 2016

kichalla closed this as completed Nov 8, 2016

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

CookieTempDataProvider hard codes cookie to be secure-only, thus requiring HTTPS to function #5511

CookieTempDataProvider hard codes cookie to be secure-only, thus requiring HTTPS to function #5511

DamianEdwards commented Nov 8, 2016

kichalla commented Nov 8, 2016

CookieTempDataProvider hard codes cookie to be secure-only, thus requiring HTTPS to function #5511

CookieTempDataProvider hard codes cookie to be secure-only, thus requiring HTTPS to function #5511

Comments

DamianEdwards commented Nov 8, 2016

kichalla commented Nov 8, 2016