Set the HTTPOnly flag on cookies
Bug #863912 reported by François Marier
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
Libravatar (obsolete) | Fix Released | Medium | François Marier |
Bug Description
Once we upgrade to Django 1.3, we should set the HTTPOnly flag on session cookies:
https:/
as mentioned in the Mozilla Secure Coding Guidelines:
https:/
tags: added: wheezy, removed: django13
Changed in libravatar: assignee: nobody → François Marier (fmarier)
This is the default in Django 1.4 and was automatically enabled when we moved to Wheezy and Django 1.4.