Anonymous Coward #1000526 has posted comments on this change. Change subject: backend: set HttpOnly for all cookies ......................................................................
Patch Set 1: Code-Review-1 The CSRF protection for the RESTAPI is going to be based on double cookie submitting, so it can't be HttpOnly. Remove the RESTAPI part from the patch. -- To view, visit http://gerrit.ovirt.org/25915 To unsubscribe, visit http://gerrit.ovirt.org/settings Gerrit-MessageType: comment Gerrit-Change-Id: I25ae26677c99f94a5e6d7cfe39444811d13ec29c Gerrit-PatchSet: 1 Gerrit-Project: ovirt-engine Gerrit-Branch: master Gerrit-Owner: Alon Bar-Lev <[email protected]> Gerrit-Reviewer: Alexander Wels <[email protected]> Gerrit-Reviewer: Alon Bar-Lev <[email protected]> Gerrit-Reviewer: Anonymous Coward #1000526 Gerrit-Reviewer: Barak Azulay <[email protected]> Gerrit-Reviewer: Juan Hernandez <[email protected]> Gerrit-Reviewer: Vojtech Szocs <[email protected]> Gerrit-Reviewer: Yair Zaslavsky <[email protected]> Gerrit-Reviewer: [email protected] Gerrit-Reviewer: oVirt Jenkins CI Server Gerrit-HasComments: No _______________________________________________ Engine-patches mailing list [email protected] http://lists.ovirt.org/mailman/listinfo/engine-patches
