Comment 5 for bug 96878
Revision history for this message
| Stuart Bishop (stub) wrote Re: [Bug 96878] Re: Launchpad session cookie should be hidden from Javascript | #5 |
© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
bbfa235
(Get the code!)
On Wed, Feb 17, 2010 at 5:54 PM, Guilherme Salgado <email address hidden> wrote:
> I thought we relied on this to access the webservice API using
> javascript.
I don't think so, but it certainly is something to test. As I understand it, the cookie will still be sent with all HTTP requests, including those initiated from JavaScript to launchpad.net. The JavaScript can't access the cookie itself though so cannot steal or do anything malicious with it.
--
Stuart Bishop <email address hidden>
http://