drill-dev mailing list archives

From "Arina Ielchiieva (JIRA)" <j...@apache.org>
Subject [jira] [Created] (DRILL-6466) Add httpOnly flag for response cookies
Date Tue, 05 Jun 2018 15:17:00 GMT
Arina Ielchiieva created DRILL-6466:
---------------------------------------

             Summary: Add httpOnly flag for response cookies
                 Key: DRILL-6466
                 URL: https://issues.apache.org/jira/browse/DRILL-6466
             Project: Apache Drill
          Issue Type: Improvement
    Affects Versions: 1.13.0
            Reporter: Arina Ielchiieva
            Assignee: Arina Ielchiieva
             Fix For: 1.14.0


Add httpOnly flag to response cookies.

{quote}
When you tag a cookie with the HttpOnly flag, it tells the browser that this particular cookie
should only be accessed by the server. Any attempt to access the cookie from client script
is strictly forbidden. HttpOnly cookies make huge classes of common XSS attacks much harder
to pull off. 
{quote}



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
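
Added example, not part of the JIRA message or Drill's code: a check that parses `Set-Cookie` response header values and lists the cookies that lack the HttpOnly attribute described in the quote above. The header values, including the `JSESSIONID` cookie name, are constructed samples, not output from a Drill server.

```python
"""Audit Set-Cookie header values for the HttpOnly attribute."""


def parse_set_cookie(header_value):
    """Split one Set-Cookie value into (cookie_name, {attribute_name: value}).

    Follows the RFC 6265 shape: the first ';'-separated part is name=value,
    every later part is an attribute whose name is case-insensitive.
    """
    parts = header_value.split(";")
    name, _, _value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        key, _, val = part.partition("=")
        key = key.strip().lower()
        if key:
            attrs[key] = val.strip()
    return name.strip(), attrs


def cookies_missing_httponly(set_cookie_values):
    """Return the names of cookies that client script could still read."""
    missing = []
    for raw in set_cookie_values:
        name, attrs = parse_set_cookie(raw)
        if name and "httponly" not in attrs:
            missing.append(name)
    return missing


# Constructed sample header values (assumption: a servlet-style session cookie).
SAMPLE_HEADERS = [
    "JSESSIONID=node01abc; Path=/",            # flag absent
    "JSESSIONID=node01abc; Path=/; HttpOnly",  # flag present
    "theme=dark; Path=/; httponly; Secure",    # attribute names ignore case
    "note=HttpOnly; Path=/",                   # "HttpOnly" here is the value only
]

if __name__ == "__main__":
    for cookie in cookies_missing_httponly(SAMPLE_HEADERS):
        print(f"cookie {cookie!r} has no HttpOnly attribute")
```

Matching on the parsed attribute name rather than a substring search keeps a cookie whose value happens to contain "HttpOnly" from being reported as protected.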
