Uploaded image for project: 'Apache Drill'
  1. Apache Drill
  2. DRILL-6466

Add HttpOnly flag for response cookie

    Details

    • Type: Improvement
    • Status: Resolved
    • Priority: Minor
    • Resolution: Fixed
    • Affects Version/s: 1.13.0
    • Fix Version/s: 1.14.0
    • Component/s: Web Server
    • Labels:

      Description

      Add HttpOnly flag to response cookies.

      When you tag a cookie with the HttpOnly flag, it tells the browser that this particular cookie should only be accessed by the server. Any attempt to access the cookie from client script is strictly forbidden. HttpOnly cookies make huge classes of common XSS attacks much harder to pull off.

        Attachments

        1. httpOnly.JPG
          20 kB
          Arina Ielchiieva

          Issue Links

            Activity

              People

              • Assignee:
                arina Arina Ielchiieva
                Reporter:
                arina Arina Ielchiieva
                Reviewer:
                Sorabh Hamirwasia
              • Votes:
                0 Vote for this issue
                Watchers:
                2 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: