Posted to dev@drill.apache.org by "Arina Ielchiieva (JIRA)" <ji...@apache.org> on 2018/06/05 15:17:00 UTC
[jira] [Created] (DRILL-6466) Add httpOnly flag for response cookies
Arina Ielchiieva created DRILL-6466:
---------------------------------------
Summary: Add httpOnly flag for response cookies
Key: DRILL-6466
URL: https://issues.apache.org/jira/browse/DRILL-6466
Project: Apache Drill
Issue Type: Improvement
Affects Versions: 1.13.0
Reporter: Arina Ielchiieva
Assignee: Arina Ielchiieva
Fix For: 1.14.0
Add httpOnly flag to response cookies.
{quote}
When you tag a cookie with the HttpOnly flag, it tells the browser that this particular cookie should only be accessed by the server. Any attempt to access the cookie from client script is strictly forbidden. HttpOnly cookies make huge classes of common XSS attacks much harder to pull off.
{quote}
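A check for the flag described above, as an added example that is not part of the original issue or of Drill's code: it parses Set-Cookie header values and lists the cookies sent without HttpOnly. The function names, cookie names and sample headers are constructed for illustration.

```python
# Added example: audit Set-Cookie header values for a missing HttpOnly attribute.
# The sample headers below are constructed, not captured from a Drill server.

def parse_set_cookie(header_value):
    """Split one Set-Cookie value into (name, value, attributes).

    Attribute names are case-insensitive (RFC 6265), so they are lower-cased.
    Flag attributes such as HttpOnly and Secure map to True.
    """
    parts = [p.strip() for p in header_value.split(";")]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        if not part:
            continue
        key, sep, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip() if sep else True
    return name.strip(), value.strip(), attrs


def cookies_missing_httponly(set_cookie_headers):
    """Return names of cookies whose Set-Cookie value lacks the HttpOnly attribute."""
    missing = []
    for header_value in set_cookie_headers:
        name, _value, attrs = parse_set_cookie(header_value)
        # Only the attribute list counts; the cookie value is never inspected.
        if "httponly" not in attrs:
            missing.append(name)
    return missing


# Constructed sample: one Set-Cookie value per list entry.
SAMPLE_HEADERS = [
    "JSESSIONID=node01abc; Path=/",                # no HttpOnly
    "JSESSIONID=node01abc; Path=/; HttpOnly",      # flag present
    "prefs=theme-dark; Path=/; Secure; httponly",  # attribute match is case-insensitive
    "note=httponly; Path=/",                       # "httponly" as a value is not the flag
]

if __name__ == "__main__":
    for cookie_name in cookies_missing_httponly(SAMPLE_HEADERS):
        print("missing HttpOnly:", cookie_name)
```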