LDEV-4854 use stricter application options for admin
test search results
zspitzer committed May 16, 2024
1 parent d2484eb commit 2853ebc
Showing 1 changed file with 3 additions and 0 deletions.
3 changes: 3 additions & 0 deletions core/src/main/cfml/context/admin/Application.cfc
Expand Up @@ -34,6 +34,9 @@ this.sessionCookie.path = getAppFolderPath(); // the admin is always in a folde
this.tag.cookie.sameSite = "strict";
this.tag.cookie.path = getAppFolderPath();
this.tag.cookie.httpOnly = true; // prevent access to session cookies from javascript
this.searchImplicitScopes = false;
this.searchResults = false;
this.security.limitEvaluation = true;

this.xmlFeatures = {
externalGeneralEntities: false,
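
Review bot: The three settings added after `this.tag.cookie.httpOnly = true;` (`this.searchImplicitScopes = false;`, `this.searchResults = false;`, `this.security.limitEvaluation = true;`) carry no comment, while the httpOnly line directly above states its purpose. Suggest a short trailing comment on each saying what it disables or restricts, so a later change does not relax them without knowing why they were set. Since the commit touches only this Application.cfc, it would also help to confirm, in the commit message or a test, that the admin templates under it do not rely on the implicit scope or query result lookups these flags switch off.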