  1. Apache Drill
  2. DRILL-6466

Add HttpOnly flag for response cookie


    Details

    • Type: Improvement
    • Status: Resolved
    • Priority: Minor
    • Resolution: Fixed
    • Affects Version/s: 1.13.0
    • Fix Version/s: 1.14.0
    • Component/s: Web Server
    • Labels:

      Description

      Add HttpOnly flag to response cookies.

      When you tag a cookie with the HttpOnly flag, it tells the browser that this particular cookie should only be accessed by the server. Any attempt to access the cookie from client script is strictly forbidden. HttpOnly cookies make huge classes of common XSS attacks much harder to pull off.
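
One way to check that response cookies carry the flag described above, as an added example that is not part of the original issue and is not Drill's own code. The header lines and cookie names are constructed samples, and the function names are hypothetical.

```python
# Added example: audit Set-Cookie response headers for the HttpOnly attribute.
# SAMPLE_HEADERS is constructed for illustration; it was not captured from Drill.
SAMPLE_HEADERS = [
    "Set-Cookie: JSESSIONID=node01abc123; Path=/; HttpOnly",
    "Set-Cookie: theme=dark; Path=/",
    'Set-Cookie: note="httponly"; Path=/; Secure',   # flag text in the value only
    "set-cookie: token=xyz; httponly; SameSite=Strict",  # names are case-insensitive
    "Content-Type: text/html",
]


def parse_set_cookie(header_value):
    """Split one Set-Cookie value into (name, value, {attribute_lower: value})."""
    parts = [p.strip() for p in header_value.split(";")]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        if not part:
            continue
        key, _, val = part.partition("=")
        # Attribute names are matched case-insensitively; HttpOnly has no value.
        attrs[key.strip().lower()] = val.strip()
    return name.strip(), value.strip(), attrs


def cookies_missing_httponly(header_lines):
    """Return the names of cookies that are set without the HttpOnly attribute."""
    missing = []
    for line in header_lines:
        field, sep, value = line.partition(":")
        if not sep or field.strip().lower() != "set-cookie":
            continue  # not a Set-Cookie header
        name, _, attrs = parse_set_cookie(value)
        # Only the attribute list counts, never the cookie value itself.
        if "httponly" not in attrs:
            missing.append(name)
    return missing


if __name__ == "__main__":
    for cookie_name in cookies_missing_httponly(SAMPLE_HEADERS):
        print(f"cookie {cookie_name!r} is set without HttpOnly")
```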

            People

            • Assignee: Arina Ielchiieva
            • Reporter: Arina Ielchiieva
            • Reviewer: Sorabh Hamirwasia
