Cookies with sensitive information should be HttpOnly


    • Type: Suggestion
    • Resolution: Fixed
    • 2.0-M2
    • Component/s: None
    • None

      Our auth cookies (in fact all cookies) should have httpOnly set on them. This reduces the exposure to cookie-stealing via injected JS.

            Assignee:
            Chii (Inactive)
            Reporter:
            Matt Quail (Inactive)
            Votes:
            0
            Watchers:
            0

                Estimated:
                Original Estimate - 4h
                Remaining:
                Remaining Estimate - 0h
                Logged:
                Time Spent - 2h Time Not Required