FishEye / FE-899

Cookies with sensitive information should be HttpOnly

    Details

    • Type: Suggestion
    • Status: Closed (View Workflow)
    • Resolution: Fixed
    • Fix Version/s: 2.0-M2
    • Component/s: None
    • Labels: None
      Description

      Our auth cookies (in fact all cookies) should have httpOnly set on them. This reduces the exposure to cookie-stealing via injected JS.
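
      A way to check for this, added here as an example and not FishEye's own code: it parses response header lines and lists every cookie set without the HttpOnly attribute. The header lines, cookie names and function names are constructed for illustration.

```python
# Added example: audit Set-Cookie headers for a missing HttpOnly attribute.
# The header lines below are constructed sample data, not FishEye output.

SAMPLE_HEADERS = [
    "Set-Cookie: SESSIONID=abc123; Path=/; HttpOnly",
    "Set-Cookie: remember=tok456; Path=/; Max-Age=1209600",
    "set-cookie: prefs=theme=dark; path=/; httponly; Secure",
    "Set-Cookie: note=httponly; Path=/",  # the value only looks like the flag
    "Content-Type: text/html",
]


def parse_set_cookie(line):
    """Return (cookie_name, set of lowercased attribute names), or None."""
    field, sep, value = line.partition(":")
    if not sep or field.strip().lower() != "set-cookie":
        return None
    parts = value.split(";")
    name = parts[0].partition("=")[0].strip()
    # Attributes are everything after the first ';'; their names are
    # case-insensitive, so compare them lowercased.
    attrs = {p.partition("=")[0].strip().lower() for p in parts[1:]}
    attrs.discard("")
    return name, attrs


def cookies_missing_httponly(header_lines):
    """Names of cookies set without the HttpOnly attribute, in order seen."""
    missing = []
    for line in header_lines:
        parsed = parse_set_cookie(line)
        if parsed is None:
            continue
        name, attrs = parsed
        # Test the parsed attribute names, not a substring of the header:
        # a substring match would wrongly pass "note=httponly".
        if "httponly" not in attrs:
            missing.append(name)
    return missing


if __name__ == "__main__":
    for name in cookies_missing_httponly(SAMPLE_HEADERS):
        print("cookie set without HttpOnly:", name)
```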

            People

            Assignee: jxie Chii
            Reporter: mquail Matt Quail (Inactive)
            Votes: 0
            Watchers: 0

                Time Tracking

                Original Estimate: 4h
                Remaining Estimate: 0h
                Time Spent: 2h (Time Not Required)