Details
-
New Feature
-
Status: Resolved
-
Major
-
Resolution: Won't Fix
-
4.5.3
-
None
Description
The Cookie interface does not support the HttpOnly attribute as specified in RFC-6265 section 4.1.2.6 ("The HttpOnly Attribute"). Presently in a project where the HttpClient is being used to implement a reverse proxy, we are losing the HttpOnly attribute set from the back-end server. I'd be happy to create a patch for 4.5.4 if it helps