Posted to commits@ponymail.apache.org by se...@apache.org on 2017/01/28 23:51:13 UTC

incubator-ponymail git commit: Cookie should use httpOnly and Secure

Repository: incubator-ponymail
Updated Branches:
  refs/heads/master 848bb7129 -> 84eff685e


Cookie should use httpOnly and Secure

This fixes #355

Project: http://git-wip-us.apache.org/repos/asf/incubator-ponymail/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-ponymail/commit/84eff685
Tree: http://git-wip-us.apache.org/repos/asf/incubator-ponymail/tree/84eff685
Diff: http://git-wip-us.apache.org/repos/asf/incubator-ponymail/diff/84eff685

Branch: refs/heads/master
Commit: 84eff685e2292c54cf5597b9c7b554ad95e4435a
Parents: 848bb71
Author: Sebb <se...@apache.org>
Authored: Sat Jan 28 23:51:05 2017 +0000
Committer: Sebb <se...@apache.org>
Committed: Sat Jan 28 23:51:05 2017 +0000

----------------------------------------------------------------------
 CHANGELOG.md          | 1 +
 site/api/lib/user.lua | 2 ++
 2 files changed, 3 insertions(+)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/incubator-ponymail/blob/84eff685/CHANGELOG.md
----------------------------------------------------------------------
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 69ff74e..85c6d0f 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -135,6 +135,7 @@
 - Tighten wildcard searches to only search in the same domain level (#348)
 - useless conditional when fetching id parameter (#353)
 - ES 5.0 no longer supports the write consistency option for index(); archiver fails (#351)
+- Cookie should use httpOnly and Secure (#355)
 
 
 ## CHANGES in 0.9b:

http://git-wip-us.apache.org/repos/asf/incubator-ponymail/blob/84eff685/site/api/lib/user.lua
----------------------------------------------------------------------
diff --git a/site/api/lib/user.lua b/site/api/lib/user.lua
index 9208003..7beff0e 100644
--- a/site/api/lib/user.lua
+++ b/site/api/lib/user.lua
@@ -82,6 +82,8 @@ local function updateUser(r, cid, data)
     r:setcookie{
         key = "ponymail",
         value = cookie .. "==" .. (cid),
+        secure = true,
+        httpOnly = true,
         path = "/"
     }
 end
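
Review bot: the `httpOnly = true,` line in the `r:setcookie` table may not take effect as spelled. Lua table keys are case-sensitive, and the mod_lua documentation for `r:setcookie` lists this field as lowercase `httponly`, so a key spelled `httpOnly` would be silently ignored and the cookie would be sent without the HttpOnly attribute. Suggest changing the line to `httponly = true,` and confirming the fix by checking the Set-Cookie header of a login response for both `Secure` and `HttpOnly`. Separately, `secure = true,` is unconditional, so on an instance served over plain HTTP the browser will never send the `ponymail` cookie back. It would help to state the HTTPS requirement in the install documentation or next to the CHANGELOG entry.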