diff options
Diffstat (limited to 'dev-python/ipython/files/ipython-2.2.0-login-backport.patch')
-rw-r--r-- | dev-python/ipython/files/ipython-2.2.0-login-backport.patch | 35 |
1 files changed, 35 insertions, 0 deletions
diff --git a/dev-python/ipython/files/ipython-2.2.0-login-backport.patch b/dev-python/ipython/files/ipython-2.2.0-login-backport.patch new file mode 100644 index 000000000000..cf6a99db21e8 --- /dev/null +++ b/dev-python/ipython/files/ipython-2.2.0-login-backport.patch @@ -0,0 +1,35 @@ +From 5d6ce3671318c8d32bab770ece841590bbec358d Mon Sep 17 00:00:00 2001 +From: Matthias Bussonnier <bussonniermatthias@gmail.com> +Date: Fri, 17 Apr 2015 13:08:32 -0700 +Subject: [PATCH] Set secure cookie by default if login handler is hit. + + backport of https://github.com/jupyter/jupyter_notebook/pull/22 b8e99bc + +> There is few chances that logged-in people do not use https connexion, +> but I guess it can happened if the server is ran in front of a proxy +> that does the https termination, so leave it configurable. +> +> closes ipython/ipython#8325 +--- + IPython/html/auth/login.py | 8 +++++++- + 1 file changed, 7 insertions(+), 1 deletion(-) + +diff --git a/IPython/html/auth/login.py b/IPython/html/auth/login.py +index 1ad4673..1a340c8 100644 +--- a/IPython/html/auth/login.py ++++ b/IPython/html/auth/login.py +@@ -46,7 +46,13 @@ class LoginHandler(IPythonHandler): + pwd = self.get_argument('password', default=u'') + if self.login_available: + if passwd_check(self.password, pwd): +- self.set_secure_cookie(self.cookie_name, str(uuid.uuid4())) ++ # tornado <4.2 have a bug that consider secure==True as soon as ++ # 'secure' kwarg is passed to set_secure_cookie ++ if self.settings.get('secure_cookie', self.request.protocol == 'https'): ++ kwargs = {'secure':True} ++ else: ++ kwargs = {} ++ self.set_secure_cookie(self.cookie_name, str(uuid.uuid4()), **kwargs) + else: + self._render(message={'error': 'Invalid password'}) + return |