[
https://issues.apache.org/jira/browse/TAP5-2327?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15247539#comment-15247539
]
ASF subversion and git services commented on TAP5-2327:
-------------------------------------------------------
Commit 62f33e3dc8b93176b285eb6350ad239c15ef6ace in tapestry-5's branch
refs/heads/master from [~jkemnade]
[ https://git-wip-us.apache.org/repos/asf?p=tapestry-5.git;h=62f33e3 ]
TAP5-2327: upgrade to servlet-api 3.0.1
> The Cookies interface should provide an option to mark cookies as httpOnly
> --------------------------------------------------------------------------
>
> Key: TAP5-2327
> URL: https://issues.apache.org/jira/browse/TAP5-2327
> Project: Tapestry 5
> Issue Type: New Feature
> Components: tapestry-core
> Affects Versions: 5.3.7, 5.4
> Reporter: Martin Schneider
> Labels: desired_for_5.5
> Attachments:
> 0001-TAP-2327-add-httpOnly-method-to-support-Servlet-3.0.patch,
> 0002-TAP-2327-add-support-for-version-and-comment.patch
>
>
> Since Servlet 3.0 there is an option to mark cookies as httpOnly via
> javax.servlet.http.Cookie.setHttpOnly(boolean). There should be an option to
> use that in org.apache.tapestry5.services.Cookies. In 5.3.7 the default
> implementation does not set the httpOnly flag.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
