Add httponly attribute session #2127
Disallow client-side decoding of our cookies
Check out the history here: #1926
Code Review Verification Steps
chrisgilmerproj left a comment
I'm pretty excited about this PR. Let's figure out what's going on with the cookie thing and possibly break it out to another PR if we need to fix it (happy to help you merge that PR before this PR). After that and if the rest of the tests pass then let's get this approved!
@@            Coverage Diff             @@
##           master    #2127      +/-   ##
==========================================
- Coverage   59.03%   58.86%   -0.16%
==========================================
  Files         237      237
  Lines       13795    13781      -14
==========================================
- Hits         8143     8112      -31
- Misses       4662     4685      +23
+ Partials      990      984       -6
May 15, 2019
reggieriser left a comment
I left a note about some unused code now that we're not doing the 401 check anymore, but not going to block on that since Sara's not here right now. We can make a separate PR to get rid of it if we want.