[ 
https://issues.apache.org/jira/browse/DRILL-6466?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16503114#comment-16503114
 ] 

ASF GitHub Bot commented on DRILL-6466:
---------------------------------------

arina-ielchiieva commented on issue #1304: DRILL-6466: Add HttpOnly flag to 
response cookies
URL: https://github.com/apache/drill/pull/1304#issuecomment-395021687
 
 
   @sohami addressed code review comment and cleaned up code a little bit to 
address warnings from the IDE. 

----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


> Add HttpOnly flag for response cookie
> -------------------------------------
>
>                 Key: DRILL-6466
>                 URL: https://issues.apache.org/jira/browse/DRILL-6466
>             Project: Apache Drill
>          Issue Type: Improvement
>    Affects Versions: 1.13.0
>            Reporter: Arina Ielchiieva
>            Assignee: Arina Ielchiieva
>            Priority: Minor
>             Fix For: 1.14.0
>
>         Attachments: httpOnly.JPG
>
>
> Add HttpOnly flag to response cookies.
> {quote}
> When you tag a cookie with the HttpOnly flag, it tells the browser that this 
> particular cookie should only be accessed by the server. Any attempt to 
> access the cookie from client script is strictly forbidden. HttpOnly cookies 
> make huge classes of common XSS attacks much harder to pull off. 
> {quote}



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
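
The flag described in the quoted issue can be checked from the response side. The following Python check is an added example, not code from the Drill pull request: it scans raw response headers and reports cookies set without HttpOnly. The sample headers, cookie names and values are constructed.

```python
# Added example (not Apache Drill code): audit Set-Cookie headers for HttpOnly.

def parse_set_cookie(header_value):
    """Split one Set-Cookie value into (name, set of lower-cased attribute names)."""
    parts = header_value.split(";")
    # The first segment is always name=value, never an attribute.
    name = parts[0].split("=", 1)[0].strip()
    attrs = set()
    for part in parts[1:]:
        # Attribute names are case-insensitive; drop any "=value" part.
        attr = part.split("=", 1)[0].strip().lower()
        if attr:
            attrs.add(attr)
    return name, attrs


def cookies_missing_httponly(raw_headers):
    """Return names of cookies that were set without the HttpOnly attribute."""
    missing = []
    for line in raw_headers.splitlines():
        field, sep, value = line.partition(":")
        if not sep or field.strip().lower() != "set-cookie":
            continue
        name, attrs = parse_set_cookie(value)
        if "httponly" not in attrs:
            missing.append(name)
    return missing


# Constructed sample response headers (cookie names and values are made up).
# "theme" carries the text HttpOnly as its value, which must not count as the flag.
SAMPLE_HEADERS = """\
HTTP/1.1 200 OK
Content-Type: text/html
Set-Cookie: JSESSIONID=node01abc; Path=/
Set-Cookie: theme=HttpOnly; Path=/
Set-Cookie: csrf=xyz; Path=/; Secure; httponly
Set-Cookie: lang=en; Expires=Wed, 21 Oct 2026 07:28:00 GMT; HttpOnly
"""

if __name__ == "__main__":
    for cookie in cookies_missing_httponly(SAMPLE_HEADERS):
        print("missing HttpOnly:", cookie)
```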
