treat behind_secure_proxy_p like security::secure_conn_p for using secure cookies in general and for the secure login cookie

use secure token when running behind a secure proxy the same way as when running directly a secure session

Don't trust value of login_level just on basis of the session cookie

modernize exception handling: use proper try/throw instead of swallowing "catch"

call sec_login_handler instead of just sec_generate_session_id_cookie, since otherwise, cryptographically valid session cookie could be used without an ad_login_cookie

improve spelling

  1. … 15 more files in changeset.
make handling of session_ids more robust (necessary for user-switching feature)

fix typo

  1. … 1 more file in changeset.
factor out validation of provided host header.

report only once that host header is invalid

  1. … 2 more files in changeset.
Fix typo in proc doc

Fix typos in proc doc

improve comments

  1. … 10 more files in changeset.
fix for redirect-to-secure, when SuppressHttpPort is set

This changes as well:

- improve symmetry security::get_insecure_location and security::get_secure_location

- add regression test to cover basic cases

- bump version number of acs-tcl to 5.10.0d19

  1. … 2 more files in changeset.
bug fix: Do not return a location with a port, when SuppressHttpPort is set

for details, see: https://openacs.org/forums/message-view?message_id=5399931

improve spelling

  1. … 2 more files in changeset.
Fix proc and contract doc elements, so they are properly parsed by apidoc::api_*_documentation.

- @parameter -> @param

- @params -> @param

- Add missing @param

- @cvs -> @cvs-id

- @version -> @cvs-id

  1. … 12 more files in changeset.
reduce verbosity

switch back to previous code based on sec_generate_session_id_cookie to fix persistent logins

make code more robust, when connection is already closed

Wording

Re-enabling sec_change_user_auth_token as a means to invalidate login for a user immediately on every connected client

For reference, see discussions in:

- https://openacs.org/forums/message-view?message_id=1691183

- https://openacs.org/forums/message-view?message_id=5392475

flag current request as being performed via aa_testing

modernize tcl

  1. … 1 more file in changeset.
white space changes

allow access via automated testing also via standard login interface

make spelling of names more consistent

  1. … 5 more files in changeset.
Revert massive replacement of empty list creation sentences. The use of '[list]' instead of '{}' adds semantics that could be used for performance improvements in the future, such as using a different internal representation. There is already work in this direction, avoiding the generation of the string representation during comparison of empty strings (huge thanks to Stefan Sobernig for the pointer: https://core.tcl.tk/tcl/info/44527c632ed609c2).

  1. … 475 more files in changeset.
improve CSP in accordance with Google's csp-evaluator.withgoogle.com

  1. … 1 more file in changeset.
Prefer '{}' to '[list]' when creating empty lists

  1. … 71 more files in changeset.
fix more typos

  1. … 5 more files in changeset.