This is an automated email from the ASF dual-hosted git repository. mbien pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/roller.git
commit c68ca04d164bb14353ebf9dc41d9b43844f15784
Author: Michael Bien <[email protected]>
AuthorDate: Mon Jul 12 10:20:45 2021 +0200
make session cookie inaccessible form JS.
---
 app/src/main/webapp/WEB-INF/web.xml | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/app/src/main/webapp/WEB-INF/web.xml b/app/src/main/webapp/WEB-INF/web.xml
index bd1a0ab..0418832 100644
--- a/app/src/main/webapp/WEB-INF/web.xml
+++ b/app/src/main/webapp/WEB-INF/web.xml
@@ -449,6 +449,9 @@
 <session-config>
 <session-timeout>30</session-timeout>
+ <cookie-config>
+ <http-only>true</http-only> <!-- prohibit JS access -->
+ </cookie-config>
 </session-config>
 <welcome-file-list>
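Review bot: The new cookie-config sets http-only but leaves the Secure attribute unset, so the session cookie is still transmitted over plain HTTP if the deployment is ever reached without TLS; where the site is served over HTTPS, add `<secure>true</secure>` next to `<http-only>true</http-only>` inside the same cookie-config. Both elements are Servlet 3.0 cookie-config settings, which assumes the web-app root element declares version 3.0 or later — the hunk does not show that declaration, so it is worth confirming. SameSite cannot be expressed in this descriptor and would need container-level configuration if desired. The inline comment restates the flag rather than its purpose; consider `<!-- HttpOnly: keep the session id out of reach of script, limiting cookie theft via XSS -->`.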
