httponly for cookies
in our application we are useing the 'HTTPOnly' attribute for cookies (http://
We currently patch the Zope2 like the changes in the attachment. The diff in the attachment is done against Zope2-2.12.0a4 and does two things
1) HTTPResponse knows the cookie attribute 'HTTPOnly' and add it to the header
2) Add a option in BrowserIdManager.py to autoadd the 'HTTPOnly' attritube for cookies used by sessions
Is there a chance, that the 'HTTPOnly'
PS: I dont know the 'formalism' how to add a feature-request for Zope2. Please criticise me if this way is wrong.
|Changed in zope2:|
|status:||In Progress → Fix Committed|
|assignee:||nobody → tseaver|
|status:||Fix Committed → In Progress|