You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@drill.apache.org by "Arina Ielchiieva (JIRA)" <ji...@apache.org> on 2018/06/05 15:17:00 UTC

[jira] [Created] (DRILL-6466) Add httpOnly flag for response cookies

Arina Ielchiieva created DRILL-6466:
---------------------------------------

             Summary: Add httpOnly flag for response cookies
                 Key: DRILL-6466
                 URL: https://issues.apache.org/jira/browse/DRILL-6466
             Project: Apache Drill
          Issue Type: Improvement
    Affects Versions: 1.13.0
            Reporter: Arina Ielchiieva
            Assignee: Arina Ielchiieva
             Fix For: 1.14.0


Add httpOnly flag to response cookies.

{quote}
When you tag a cookie with the HttpOnly flag, it tells the browser that this particular cookie should only be accessed by the server. Any attempt to access the cookie from client script is strictly forbidden. HttpOnly cookies make huge classes of common XSS attacks much harder to pull off. 
{quote}



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)