[DRILL-6466] Add HttpOnly flag for response cookie - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Improvement
Status: Resolved
Priority: Minor
Resolution: Fixed
Affects Version/s: 1.13.0
Fix Version/s: 1.14.0
Component/s: Web Server
Labels:
- ready-to-commit

Description

Add HttpOnly flag to response cookies.

When you tag a cookie with the HttpOnly flag, it tells the browser that this particular cookie should only be accessed by the server. Any attempt to access the cookie from client script is strictly forbidden. HttpOnly cookies make huge classes of common XSS attacks much harder to pull off.

Attachments

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

httpOnly.JPG
05/Jun/18 15:21
20 kB
Arina Ielchiieva

Issue Links

links to

GitHub Pull Request #1304

Activity

People

Assignee:: Arina Ielchiieva

Reporter:: Arina Ielchiieva

Reviewer:: Sorabh Hamirwasia

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 05/Jun/18 15:16

Updated:: 07/Jun/18 10:45

Resolved:: 07/Jun/18 10:45