Cannot set the httpOnly property on cookies
Bug #640293 reported by
paul.lemon
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
play framework |
Fix Committed
|
Medium
|
Nicolas Leroux |
Bug Description
We need to be able to set the httpOnly property on cookies created. C
This is a security requirement for our web application
http://
The play cookie object (play.mvc.
property for httpOnly and also looking at the code in
play.mvc.
property.
Play framework should expose a boolean propery on play.mvc.
I believe httpOnly should be set by default as this is a common secruity issue for all web sites.
visibility: | private → public |
Changed in play: | |
assignee: | nobody → Nicolas Leroux (nicolas-lunatech) |
milestone: | none → 1.1 |
status: | New → Confirmed |
importance: | Undecided → Medium |
Changed in play: | |
status: | Confirmed → Fix Committed |
To post a comment you must log in.