ENHANCEMENT 'bypassStaticCache' cookie set in Versioned is limited to httpOnly flag (no access by JS) to improve clientside security

git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@114568 467b73ca-7a2a-4603-9d3b-597d59a354a9
1 parent 562eeee commit 1222b4d146b697c0e53b178ef55efa10088a190b @chillu chillu committed Dec 6, 2010
Showing with 2 additions and 2 deletions.
  1. +2 −2 core/model/Versioned.php
@@ -693,9 +693,9 @@ static function choose_site_stage() {
if(!headers_sent()) {
if(Versioned::current_stage() == 'Live') {
- Cookie::set('bypassStaticCache', null, 0);
+ Cookie::set('bypassStaticCache', null, 0, null, null, false, true /* httponly */);
} else {
- Cookie::set('bypassStaticCache', '1', 0);
+ Cookie::set('bypassStaticCache', '1', 0, null, null, false, true /* httponly */);
}
}
}
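
Review bot: In both `Cookie::set` calls the argument just before the httponly `true` is a bare `false`, and the two `null`s ahead of it are also unlabeled, so the call does not show what is being left off. If that `false` is the cookie's secure flag, the cookie is still sent over plain HTTP even though it is now hidden from JavaScript; consider labeling each positional argument the way `/* httponly */` is, and setting that flag from whether the request came in over HTTPS. The two branches also differ only in the value (`null` vs `'1'`), so computing the value first and calling `Cookie::set` once would keep the flags in a single place.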
