That's fantastic, thanks Willy. Looking forward to having those options available in production when 1.5 becomes stable.
Cheers, Matt. On 31 May 2012, at 20:04, Willy Tarreau wrote: > Hi Matt, > > On Wed, May 30, 2012 at 02:57:51PM +0100, Matt Brock wrote: >> Hi. >> >> I have a client who needed all cookies to contain the HttpOnly flag in order >> to pass a penetration test for PCI compliance. I couldn't see a way of adding >> this flag to HAProxy's persistence cookies. Would it therefore be possible to >> add an 'httponly' option for the 'cookie' parameter? > > Yes it makes sense. I've added it now as well as the "Secure" attribute which > is sometimes used too. > > To enable them, you'll only have to add "httponly" or "secure" on the cookie > line. > > Regards, > Willy > >
