From: Jean-Philippe Lang
Date: Sun, 23 Jan 2011 11:40:07 +0000 (+0000)
Subject: Set the httponly flag on the autologin cookie.
X-Git-Tag: 1.2.0~1041
X-Git-Url: https://source.dussan.org/?a=commitdiff_plain;h=507f9d753f56c0530bd7411c4de1bc3835c03321;p=redmine.git
Set the httponly flag on the autologin cookie.
git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@4757 e93f8b46-1217-0410-a6f0-8f06a7374b81
---
diff --git a/app/controllers/account_controller.rb b/app/controllers/account_controller.rb
index 52b15a171..0c645e555 100644
--- a/app/controllers/account_controller.rb
+++ b/app/controllers/account_controller.rb
@@ -216,7 +216,8 @@ class AccountController < ApplicationController
 :value => token.value,
 :expires => 1.year.from_now,
 :path => (Redmine::Configuration['autologin_cookie_path'] || '/'),
- :secure => (Redmine::Configuration['autologin_cookie_secure'] ? true : false)
+ :secure => (Redmine::Configuration['autologin_cookie_secure'] ? true : false),
+ :httponly => true
 }
 cookies[cookie_name] = cookie_options
 end
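Review bot: The `:secure` entry just above the new `:httponly => true` still evaluates to false whenever `autologin_cookie_secure` is unset, so the year-long autologin token is now hidden from page scripts but is still sent over cleartext HTTP by default. Consider falling back to the request scheme when the setting is absent: `secure = Redmine::Configuration['autologin_cookie_secure']`, then `secure = request.ssl? if secure.nil?`, and `:secure => (secure ? true : false),` in the hash. A short comment on the new line would also help, for example `# HttpOnly: client-side script never needs to read the autologin token`. The enclosing method starts above the hunk, so how the token is created and how the cookie is later cleared are not visible here. Clearing it with the same `:path` is worth confirming.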