diff options
| author |  Alexandre Alapetite <alexandre@alapetite.fr>
| 2016-03-08 19:01:43 +0100 |
|---|---|---|
| committer | Alexandre Alapetite <alexandre@alapetite.fr>
| 2016-03-08 19:01:43 +0100 |
| commit | cd4153912f3c91dcb5d68ea886855e9014684ea0 (patch) | |
| tree | f40a50280ddf0a54f73399c481d0743a7e668a19 /CHANGELOG.md | |
| parent | ba9f4461d8935bb9de256a5bedf0c89d3d317c7f (diff) | |
Changelog secure cookie HTTPS
Diffstat (limited to 'CHANGELOG.md')
| -rw-r--r-- | CHANGELOG.md | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/CHANGELOG.md b/CHANGELOG.md index 7298c4523..a316a1c15 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -5,7 +5,7 @@ * Security * Added CSP `Content-Security-Policy: default-src 'self'; child-src *; frame-src *; img-src * data:; media-src *` [#1075](https://github.com/FreshRSS/FreshRSS/issues/1075), [#1114](https://github.com/FreshRSS/FreshRSS/issues/1114) * Added `X-Content-Type-Options: nosniff` [#1116](https://github.com/FreshRSS/FreshRSS/pull/1116) - * Cookie with `Secure` tag when used over HTTPS []() + * Cookie with `Secure` tag when used over HTTPS [#1117](https://github.com/FreshRSS/FreshRSS/pull/1117) * Features * New list of domains for which to force HTTPS (for images, videos, iframes…) defined in `./data/force-https.default.txt` and `./data/force-https.txt` [#1083](https://github.com/FreshRSS/FreshRSS/issues/1083) * In particular useful for privacy and to avoid mixed content errors, e.g. to see YouTube videos when FreshRSS is in HTTPS |