[
https://issues.apache.org/jira/browse/TAP5-2327?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Jochen Kemnade updated TAP5-2327:
---------------------------------
Labels: bulk-close-candidate (was: security)
This issue affects an old version of Tapestry that is not actively developed
anymore, and is therefore prone to be bulk-closed in the near future.
If the issue still persists with the most recent version of Tapestry (currently
5.4.0, available from Maven Central), please update it as soon as possible and
add '5.4.0') to the issue's affected versions.
> The Cookies interface should provide an option to mark cookies as httpOnly
> --------------------------------------------------------------------------
>
> Key: TAP5-2327
> URL: https://issues.apache.org/jira/browse/TAP5-2327
> Project: Tapestry 5
> Issue Type: New Feature
> Components: tapestry-core
> Affects Versions: 5.3.7
> Reporter: Martin Schneider
> Labels: bulk-close-candidate
>
> Since Servlet 3.0 there is an option to mark cookies as httpOnly via
> javax.servlet.http.Cookie.setHttpOnly(boolean). There should be an option to
> use that in org.apache.tapestry5.services.Cookies. In 5.3.7 the default
> implementation does not set the httpOnly flag.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
