Set the httponly flag on the autologin cookie.

author Jean-Philippe Lang <jp_lang@yahoo.fr>

Sun, 23 Jan 2011 11:40:07 +0000 (11:40 +0000)

committer Jean-Philippe Lang <jp_lang@yahoo.fr>

Sun, 23 Jan 2011 11:40:07 +0000 (11:40 +0000)
author Jean-Philippe Lang <jp_lang@yahoo.fr>
Sun, 23 Jan 2011 11:40:07 +0000 (11:40 +0000)
committer Jean-Philippe Lang <jp_lang@yahoo.fr>
Sun, 23 Jan 2011 11:40:07 +0000 (11:40 +0000)
diff --git a/app/controllers/account_controller.rb b/app/controllers/account_controller.rb

index 52b15a17183ec03a9a852be23fedbe82c344842a..0c645e555951baaa43ad0a40fae3cfb2749a112b 100644 (file)
--- a/app/controllers/account_controller.rb
+++ b/app/controllers/account_controller.rb
@@ -216,7 +216,8 @@ class AccountController < ApplicationController
        :value => token.value,
        :expires => 1.year.from_now,
        :path => (Redmine::Configuration['autologin_cookie_path'] || '/'),
-      :secure => (Redmine::Configuration['autologin_cookie_secure'] ? true : false)
+      :secure => (Redmine::Configuration['autologin_cookie_secure'] ? true : false),
+      :httponly => true
      }
      cookies[cookie_name] = cookie_options
    end
author	Jean-Philippe Lang <jp_lang@yahoo.fr>
	Sun, 23 Jan 2011 11:40:07 +0000 (11:40 +0000)
committer	Jean-Philippe Lang <jp_lang@yahoo.fr>
	Sun, 23 Jan 2011 11:40:07 +0000 (11:40 +0000)