手册:$wgCookieSecure
| Cookies: $wgCookieSecure | |
|---|---|
| Cookies是否安全。 |
|
| 引进版本: | 1.6.0(r12253) |
| 移除版本: | 仍在使用 |
| 允许的值: | (boolean 或特殊值 'detect') |
| 默认值: | (参见下方) |
| 其他设置: 按首字母排序 | 按功能排序 | |
细节
Cookies 是否仅使用 HTTPS 发送(Cookies 的 Secure 属性,见 RFC 6265 的小节 4.1.2.5)。
HTTPS-only sites should set this to true, to avoid cookie theft.
If configured with the default value, 'detect', the runtime value is calculated by looking at the protocol that the request came in under.
Sites using reverse proxies, load balancing or some other method which converts HTTPS requests into HTTP ones need to set the X-Forwarded-Proto header for detection to work correctly.
(请参阅$wgVaryOnXFP。)
默认值
| MediaWiki版本: | ≥ 1.18 |
$wgCookieSecure = 'detect';
| MediaWiki版本: | 1.6 – 1.17 |
$wgCookieSecure = ($wgProto == 'https');