You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ponymail.apache.org by se...@apache.org on 2017/01/28 23:51:13 UTC
incubator-ponymail git commit: Cookie should use httpOnly and Secure
Repository: incubator-ponymail
Updated Branches:
refs/heads/master 848bb7129 -> 84eff685e
Cookie should use httpOnly and Secure
This fixes #355
Project: http://git-wip-us.apache.org/repos/asf/incubator-ponymail/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-ponymail/commit/84eff685
Tree: http://git-wip-us.apache.org/repos/asf/incubator-ponymail/tree/84eff685
Diff: http://git-wip-us.apache.org/repos/asf/incubator-ponymail/diff/84eff685
Branch: refs/heads/master
Commit: 84eff685e2292c54cf5597b9c7b554ad95e4435a
Parents: 848bb71
Author: Sebb <se...@apache.org>
Authored: Sat Jan 28 23:51:05 2017 +0000
Committer: Sebb <se...@apache.org>
Committed: Sat Jan 28 23:51:05 2017 +0000
----------------------------------------------------------------------
CHANGELOG.md | 1 +
site/api/lib/user.lua | 2 ++
2 files changed, 3 insertions(+)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-ponymail/blob/84eff685/CHANGELOG.md
----------------------------------------------------------------------
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 69ff74e..85c6d0f 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -135,6 +135,7 @@
- Tighten wildcard searches to only search in the same domain level (#348)
- useless conditional when fetching id parameter (#353)
- ES 5.0 no longer supports the write consistency option for index(); archiver fails (#351)
+- Cookie should use httpOnly and Secure (#355)
## CHANGES in 0.9b:
http://git-wip-us.apache.org/repos/asf/incubator-ponymail/blob/84eff685/site/api/lib/user.lua
----------------------------------------------------------------------
diff --git a/site/api/lib/user.lua b/site/api/lib/user.lua
index 9208003..7beff0e 100644
--- a/site/api/lib/user.lua
+++ b/site/api/lib/user.lua
@@ -82,6 +82,8 @@ local function updateUser(r, cid, data)
r:setcookie{
key = "ponymail",
value = cookie .. "==" .. (cid),
+ secure = true,
+ httpOnly = true,
path = "/"
}
end