diff --git a/snappymail/v/0.0.0/app/libraries/RainLoop/Utils.php b/snappymail/v/0.0.0/app/libraries/RainLoop/Utils.php index 2de35da73..c575104a3 100644 --- a/snappymail/v/0.0.0/app/libraries/RainLoop/Utils.php +++ b/snappymail/v/0.0.0/app/libraries/RainLoop/Utils.php @@ -150,25 +150,15 @@ class Utils return isset($_COOKIE[$sName]) ? $_COOKIE[$sName] : $mDefault; } - public static function SetCookie(string $sName, string $sValue = '', int $iExpire = 0, ?string $sPath = null, ?string $sDomain = null, ?bool $bSecure = null, bool $bHttpOnly = true) + public static function SetCookie(string $sName, string $sValue = '', int $iExpire = 0, bool $bHttpOnly = true) { - if (null === $sPath) - { - $sPath = static::$CookieDefaultPath; - $sPath = $sPath && 0 < \strlen($sPath) ? $sPath : '/'; - } - - if (null === $bSecure) - { - $bSecure = static::$CookieDefaultSecure; - } - + $sPath = static::$CookieDefaultPath; $_COOKIE[$sName] = $sValue; \setcookie($sName, $sValue, array( 'expires' => $iExpire, - 'path' => $sPath, + 'path' => $sPath && 0 < \strlen($sPath) ? $sPath : '/', // 'domain' => $sDomain, - 'secure' => $bSecure, + 'secure' => isset($_SERVER['HTTPS']) || static::$CookieDefaultSecure, 'httponly' => $bHttpOnly, 'samesite' => 'Strict' )); @@ -183,7 +173,7 @@ class Utils 'expires' => \time() - 3600 * 24 * 30, 'path' => $sPath && 0 < \strlen($sPath) ? $sPath : '/', // 'domain' => null, - 'secure' => static::$CookieDefaultSecure, + 'secure' => isset($_SERVER['HTTPS']) || static::$CookieDefaultSecure, 'httponly' => true, 'samesite' => 'Strict' )); diff --git a/snappymail/v/0.0.0/include.php b/snappymail/v/0.0.0/include.php index 19ec2164d..0732fad5b 100644 --- a/snappymail/v/0.0.0/include.php +++ b/snappymail/v/0.0.0/include.php @@ -237,6 +237,16 @@ $_SERVER['HTTP_USER_AGENT'] = ''; } + if (empty($_SERVER['HTTPS']) || 'off' === $_SERVER['HTTPS']) { + unset($_SERVER['HTTPS']); + } + if (isset($_SERVER['REQUEST_SCHEME']) && 'https' === $_SERVER['REQUEST_SCHEME']) { + $_SERVER['HTTPS'] = 'on'; + } + if (isset($_SERVER['HTTPS'])) { + header('Strict-Transport-Security: max-age=31536000'); + } + // See https://github.com/kjdev/php-ext-brotli if (!ini_get('zlib.output_compression') && !ini_get('brotli.output_compression')) { if (defined('USE_BROTLI') && is_callable('brotli_compress_add') && false !== stripos($_SERVER['HTTP_ACCEPT_ENCODING'], 'br')) {