[ https://issues.apache.org/jira/browse/DRILL-6466?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Arina Ielchiieva updated DRILL-6466:
------------------------------------
Description:
Add HttpOnly flag to response cookies.
{quote}
When you tag a cookie with the HttpOnly flag, it tells the browser that this
particular cookie should only be accessed by the server. Any attempt to access
the cookie from client script is strictly forbidden. HttpOnly cookies make huge
classes of common XSS attacks much harder to pull off.
{quote}
was:
Add httpOnly flag to response cookies.
{quote}
When you tag a cookie with the HttpOnly flag, it tells the browser that this
particular cookie should only be accessed by the server. Any attempt to access
the cookie from client script is strictly forbidden. HttpOnly cookies make huge
classes of common XSS attacks much harder to pull off.
{quote}
> Add HttpOnly flag for response cookie
> -------------------------------------
>
> Key: DRILL-6466
> URL: https://issues.apache.org/jira/browse/DRILL-6466
> Project: Apache Drill
> Issue Type: Improvement
> Affects Versions: 1.13.0
> Reporter: Arina Ielchiieva
> Assignee: Arina Ielchiieva
> Priority: Minor
> Fix For: 1.14.0
>
> Attachments: httpOnly.JPG
>
>
> Add HttpOnly flag to response cookies.
> {quote}
> When you tag a cookie with the HttpOnly flag, it tells the browser that this
> particular cookie should only be accessed by the server. Any attempt to
> access the cookie from client script is strictly forbidden. HttpOnly cookies
> make huge classes of common XSS attacks much harder to pull off.
> {quote}
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
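
One way to confirm the flag on responses once a change like this is deployed, as an added example that is not part of the JIRA issue or of Apache Drill's code: parse each `Set-Cookie` value and list the cookies sent without `HttpOnly`. The cookie names and values are constructed, and the function names are hypothetical.

```python
# Added example (not Apache Drill code): report response cookies lacking HttpOnly.

def parse_set_cookie(header_value):
    """Split one Set-Cookie value into (cookie name, attribute dict).

    Attribute names are case-insensitive, so they are lower-cased. The first
    segment is always the cookie's name=value pair and is never an attribute.
    """
    segments = header_value.split(";")
    name = segments[0].partition("=")[0].strip()
    attributes = {}
    for segment in segments[1:]:
        key, _, value = segment.partition("=")
        if key.strip():
            attributes[key.strip().lower()] = value.strip()
    return name, attributes


def cookies_missing_httponly(set_cookie_headers):
    """Return the names of cookies that client-side script could still read."""
    missing = []
    for header_value in set_cookie_headers:
        name, attributes = parse_set_cookie(header_value)
        if "httponly" not in attributes:
            missing.append(name)
    return missing


# Constructed sample: Set-Cookie values as a server might send them.
SAMPLE_HEADERS = [
    "session_id=abc123; Path=/; HttpOnly",   # flag present
    "tracking=def456; Path=/",               # flag absent
    "theme=dark; path=/; httponly",          # lower-case spelling still counts
    "note=HttpOnly; Path=/",                 # 'HttpOnly' is the value, not a flag
]

if __name__ == "__main__":
    for cookie_name in cookies_missing_httponly(SAMPLE_HEADERS):
        print(f"cookie {cookie_name!r} is set without HttpOnly")
```

A plain substring search for "httponly" in the header would wrongly pass the last sample, which is why the attributes are parsed separately from the cookie's own value.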