Arina Ielchiieva created DRILL-6466:
---------------------------------------
Summary: Add httpOnly flag for response cookies
Key: DRILL-6466
URL: https://issues.apache.org/jira/browse/DRILL-6466
Project: Apache Drill
Issue Type: Improvement
Affects Versions: 1.13.0
Reporter: Arina Ielchiieva
Assignee: Arina Ielchiieva
Fix For: 1.14.0
Add httpOnly flag to response cookies.
{quote}
When you tag a cookie with the HttpOnly flag, it tells the browser that this
particular cookie should only be accessed by the server. Any attempt to access
the cookie from client script is strictly forbidden. HttpOnly cookies make huge
classes of common XSS attacks much harder to pull off.
{quote}
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
