Cookies with sensitive information should be HttpOnly


    • Type: Suggestion
    • Resolution: Fixed
    • 2.0-M2
    • Component/s: None
    • None

      Our auth cookies (in fact all cookies) should have httpOnly set on them. This reduces the exposure to cookie-stealing via injected JS.

              Assignee:
              Chii (Inactive)
              Reporter:
              Matt Quail (Inactive)
              Votes:
              0
              Watchers:
              0

                  Estimated:
                  Original Estimate - 4h
                  Remaining:
                  Remaining Estimate - 0h
                  Logged:
                  Time Spent - 2h
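
A check for the condition this issue asks for, as an added example (not code from this issue or from the product): it parses `Set-Cookie` response headers and lists the cookies sent without the `HttpOnly` attribute. The header values, cookie names and function names are constructed for illustration.

```python
# Added example: audit Set-Cookie headers for a missing HttpOnly attribute.
# SAMPLE_HEADERS is constructed sample data, not output from any real product.

SAMPLE_HEADERS = [
    ("Set-Cookie", "JSESSIONID=abc123; Path=/; HttpOnly"),
    ("Set-Cookie", "remember_me=tok-42; Path=/; Max-Age=1209600"),
    ("set-cookie", "theme=dark; Path=/; httponly; Secure"),
    # The cookie *value* contains the word, but the attribute is absent.
    ("Set-Cookie", "note=HttpOnly; Path=/"),
    ("Content-Type", "text/html"),
]


def parse_set_cookie(value):
    """Split one Set-Cookie value into (cookie_name, attrs).

    attrs maps lower-cased attribute names to their values; flag
    attributes such as HttpOnly and Secure map to an empty string.
    """
    parts = [p.strip() for p in value.split(";")]
    name, _, _ = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        if not part:
            continue
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return name.strip(), attrs


def cookies_missing_httponly(headers):
    """Return names of cookies set without HttpOnly, in header order."""
    missing = []
    for header_name, header_value in headers:
        # Header names are case-insensitive, and so are cookie attributes.
        if header_name.lower() != "set-cookie":
            continue
        cookie_name, attrs = parse_set_cookie(header_value)
        if "httponly" not in attrs:
            missing.append(cookie_name)
    return missing


if __name__ == "__main__":
    for cookie in cookies_missing_httponly(SAMPLE_HEADERS):
        print(f"cookie {cookie!r} is readable from script: no HttpOnly attribute")
```
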