Make cookies HttpOnly and obey COOKIE_SECURE flag #4706
In case of an XSS attack (for example, the one shown in #4703):
This will not fully protect from XSS, but at least it won't let a rogue script steal the user's cookies.
Additionally, the COOKIE_SECURE config value is now applied to remember-user cookies as well, so they do not leak on a plain HTTP website (if such an attack is possible).
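An added illustration of the two flags this PR describes, written for this page rather than taken from Gogs: the cookie is always HttpOnly, Secure follows a config value, and a small check reads back the flags the browser would receive. The `Config` type, the `setRememberCookie` helper and the cookie name are assumptions for the example.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
)

// Config stands in for the application setting; the field name is an assumption.
type Config struct {
	CookieSecure bool // mirrors COOKIE_SECURE
}

// setRememberCookie writes the "remember me" cookie. HttpOnly is always on so page
// scripts cannot read it; Secure follows the config so the browser only sends it over
// HTTPS when the site is served that way. (Hypothetical helper, not Gogs code.)
func setRememberCookie(w http.ResponseWriter, cfg Config, value string) {
	http.SetCookie(w, &http.Cookie{
		Name:     "remember_user", // placeholder name
		Value:    value,
		Path:     "/",
		MaxAge:   7 * 24 * 3600,
		HttpOnly: true,
		Secure:   cfg.CookieSecure,
	})
}

// cookieFlags runs the helper against a recorded response and returns the flags as
// parsed from the Set-Cookie header, i.e. what a client would actually observe.
func cookieFlags(cfg Config) (httpOnly, secure bool, err error) {
	rec := httptest.NewRecorder()
	setRememberCookie(rec, cfg, "constructed-token-value")
	cookies := rec.Result().Cookies()
	if len(cookies) != 1 {
		return false, false, fmt.Errorf("expected 1 cookie, got %d", len(cookies))
	}
	return cookies[0].HttpOnly, cookies[0].Secure, nil
}

func main() {
	for _, cfg := range []Config{{CookieSecure: false}, {CookieSecure: true}} {
		h, s, err := cookieFlags(cfg)
		fmt.Printf("COOKIE_SECURE=%v -> HttpOnly=%v Secure=%v err=%v\n", cfg.CookieSecure, h, s, err)
	}
}
```

The same read-back check works as a regression test in a real handler test: issue the login response, then assert on `resp.Cookies()` rather than on the raw header string.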