Version 1.1.7 Improve Session Management

2025-03-14 17:19:39 +01:00 · 2018-06-04 23:09:26 +02:00 · 2018-06-04 23:09:26 +02:00 · 089ee04dc0
commit 089ee04dc0
parent 86366dd2bb
6 changed files with 18 additions and 11 deletions
--- a/composer.lock
+++ b/composer.lock
@ -652,7 +652,7 @@
        },
        {
            "name": "symfony/event-dispatcher",
-            "version": "v3.4.10",
+            "version": "v3.4.11",
            "source": {
                "type": "git",
                "url": "https://github.com/symfony/event-dispatcher.git",
@ -770,7 +770,7 @@
        },
        {
            "name": "symfony/yaml",
-            "version": "v2.8.40",
+            "version": "v2.8.41",
            "source": {
                "type": "git",
                "url": "https://github.com/symfony/yaml.git",
--- a/content/5_info/01-release-notes.md
+++ b/content/5_info/01-release-notes.md
@ -2,6 +2,16 @@

 This is the version history with some release notes.

+## Version 1.1.7: Improved Session Management
+
+_Release date: 04.06.2018_
+
+**Please follow the instructions for minor updates** in the [documentation](/gettings-started/update). Please also update the Typemill theme.
+
+- URL to google sitemap is not displayed in settings.
+- Session Cookies are only set when authentication is required.
+- Added security headers for content security policy, refferers, strict transport.
+
 ## Version 1.1.6: Refactoring

 _Release date: 22.05.2018_
--- a/system/Controllers/Controller.php
+++ b/system/Controllers/Controller.php
@ -27,7 +27,6 @@ abstract class Controller
 		if($this->c->request->getUri()->getScheme() == 'https')
 		{
 			$response = $response->withAddedHeader('Strict-Transport-Security', 'max-age=63072000');
-			$response = $response->withAddedHeader('Content-Security-Policy', 'default-src https:');
 		}
 			
 		$response = $response->withAddedHeader('X-Content-Type-Options', 'nosniff');
--- a/system/Settings.php
+++ b/system/Settings.php
@ -26,7 +26,7 @@ class Settings
 		
 		return [
 			'determineRouteBeforeAppMiddleware' 	=> true,
-			'displayErrorDetails' 					=> true,
+			'displayErrorDetails' 					=> false,
 			'title'									=> 'TYPEMILL',
 			'author'								=> 'Unknown',
 			'copyright'								=> 'Copyright',
@ -43,7 +43,7 @@ class Settings
 			'contentFolder'							=> 'content',
 			'cache'									=> true,
 			'cachePath'								=> $rootPath . 'cache',
-			'version'								=> '1.1.6',
+			'version'								=> '1.1.7',
 			'setup'									=> true,
 			'welcome'								=> true
 		];
--- a/system/system.php
+++ b/system/system.php
@ -103,15 +103,15 @@ $container['assets'] = function($c)
 * 	DECIDE FOR SESSION	*
 ************************/

-$session_segments = array('setup/', 'tm/');
+$session_segments = array('setup', 'tm/', '/setup', '/tm/');
 $path = $container['request']->getUri()->getPath();
 $container['flash'] = false;
 $container['csrf'] = false;

 foreach($session_segments as $segment)
-{
+{	
 	if(substr( $path, 0, strlen($segment) ) === $segment)
-	{
+	{		
 		/* start a session */
 		ini_set( 'session.cookie_httponly', 1 );
 		ini_set('session.use_strict_mode', 1);
@ -140,8 +140,6 @@ foreach($session_segments as $segment)
 		{
 			return new \Slim\Flash\Messages();
 		};
-				
-		break;
 	}
 }

--- a/themes/typemill/typemill.yaml
+++ b/themes/typemill/typemill.yaml
@ -1,5 +1,5 @@
 name: Typemill Theme
-version: 1.0.7
+version: 1.0.8
 description: The standard theme for Typemill. Responsive, minimal and without any dependencies. It uses the system fonts Calibri and Helvetica. No JavaScript is used. 
 author: Sebastian Schürmanns
 homepage: http://typemill.net