Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix: name of cookies changed #18

Merged
merged 1 commit into from
Nov 7, 2024
Merged

fix: name of cookies changed #18

merged 1 commit into from
Nov 7, 2024

Conversation

azurit
Copy link
Member

@azurit azurit commented Oct 9, 2024

Name of cookies has changed, see phpmyadmin/phpmyadmin#19141.

@azurit azurit mentioned this pull request Oct 9, 2024
Closed
@williamdes
Copy link

williamdes commented Oct 9, 2024
edited
Loading

I am not sure the rule is even correct before, or it was not supporting https 🤔 ?
Here is a before and after (prefixed with __Secure) both cookies set in my browser
image

PS: maybe all syntaxes should be supported as this changes on a patch version of phpMyAdmin 5.2

@azurit
Copy link
Member Author

azurit commented Oct 10, 2024

These cookies are covered by lines without specific cookie name, for example:
ctl:ruleRemoveTargetById=942370;REQUEST_COOKIES,\

These applies to all cookies, no matter on name.

@williamdes
Copy link

These cookies are covered by lines without specific cookie name, for example: ctl:ruleRemoveTargetById=942370;REQUEST_COOKIES,\

These applies to all cookies, no matter on name.

Then I am not sure to understand why there is two names stated here ?
Can you help me understand please

@azurit
Copy link
Member Author

azurit commented Oct 19, 2024

These lines are covering whitelist for all cookies for a specified rules (see different numbers - IDs):

    ctl:ruleRemoveTargetById=932200;REQUEST_COOKIES,\
    ctl:ruleRemoveTargetById=941100;REQUEST_COOKIES,\
    ctl:ruleRemoveTargetById=941100;REQUEST_COOKIES,\
    ctl:ruleRemoveTargetById=941120;REQUEST_COOKIES,\
    ctl:ruleRemoveTargetById=941120;REQUEST_COOKIES,\
    ctl:ruleRemoveTargetById=942200;REQUEST_COOKIES,\
    ctl:ruleRemoveTargetById=942200;REQUEST_COOKIES,\
    ctl:ruleRemoveTargetById=942340;REQUEST_COOKIES,\
    ctl:ruleRemoveTargetById=942340;REQUEST_COOKIES,\
    ctl:ruleRemoveTargetById=942370;REQUEST_COOKIES,\
    ctl:ruleRemoveTargetById=942370;REQUEST_COOKIES,\

These lines are covering whitelist only for specified cookie names for a specified rules (different than the rules above):

    ctl:ruleRemoveTargetById=942100;REQUEST_COOKIES:auto_saved_sql,\
    ctl:ruleRemoveTargetById=942100;REQUEST_COOKIES:auto_saved_sql,\
    ctl:ruleRemoveTargetById=942260;REQUEST_COOKIES:pma_console_config"
    ctl:ruleRemoveTargetById=942100;REQUEST_COOKIES:__Secure-auto_saved_sql,\
    ctl:ruleRemoveTargetById=942260;REQUEST_COOKIES:pma_console_config,\
    ctl:ruleRemoveTargetById=942260;REQUEST_COOKIES:__Secure-pma_console_config"

@azurit azurit requested a review from EsadCetiner November 7, 2024 13:27
@azurit azurit merged commit e772bcd into coreruleset:master Nov 7, 2024
3 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@EsadCetiner EsadCetiner EsadCetiner approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@azurit @williamdes @EsadCetiner