utilities-procs-aolserver.tcl

Reduce usage of ns_mktemp in OpenACS

ns_mktemp uses the deprecated old POSIX call mktemp(), which should not be used anymore for security reasons (race between the name creation and opening the file). This change removes several usages of "ns_mktemp" from OpenACS and replaces it with calls to the safe Tcl call "file tempfile ..." (introduced by Tcl 8.6).

  1. … 7 more files in changeset.
improve spelling

  1. … 15 more files in changeset.
improve spelling

  1. … 14 more files in changeset.
- ad_set_cookie: add option "-samesite" and use it, when the server supports it (NaviServer 4.99.18)

- use "-samesite strict" per default on signed cookies

Background from NaviServer commit:

ns_setcookie: add flag "-samesite" with values "strict|lax|none"

When the flag is set, it prevents the browser from sending this cookie along with cross-site requests to mitigate cross-site scripting attacks. Permissible values are [term strict], [term lax], or [term none] (default). While the value [term strict] prevents sending the cookie to the target site in all cross-site browsing contexts, the value of [term lax] allows sending the cookie when the user clicks on regular links. For details, see https://www.owasp.org/index.php/SameSite

This cookie flag is not yet part of an RFC, but most major browsers support it. Browsers that do not support it ignore the flag silently (see https://caniuse.com/#search=samesite).

Although most cookies should probably use the flags, in order to provide backward compatibility, the flag can't be activated by default on all cookies.

  1. … 2 more files in changeset.
whitespace changes, added editor hints

  1. … 1 more file in changeset.
add partial backward compatibility for ns_getcontent for AOLserver

make spelling of names more consistent

  1. … 5 more files in changeset.
improve documentation

  1. … 10 more files in changeset.
factor out more server specific code

  1. … 1 more file in changeset.
factor out naviserver and aolserver specific code

    • -0
    • +283
    ./utilities-procs-aolserver.tcl
  1. … 2 more files in changeset.