From 507f9d753f56c0530bd7411c4de1bc3835c03321 Mon Sep 17 00:00:00 2001 From: Jean-Philippe Lang Date: Sun, 23 Jan 2011 11:40:07 +0000 Subject: [PATCH] Set the httponly flag on the autologin cookie. git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@4757 e93f8b46-1217-0410-a6f0-8f06a7374b81 --- app/controllers/account_controller.rb | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/app/controllers/account_controller.rb b/app/controllers/account_controller.rb index 52b15a171..0c645e555 100644 --- a/app/controllers/account_controller.rb +++ b/app/controllers/account_controller.rb @@ -216,7 +216,8 @@ class AccountController < ApplicationController :value => token.value, :expires => 1.year.from_now, :path => (Redmine::Configuration['autologin_cookie_path'] || '/'), - :secure => (Redmine::Configuration['autologin_cookie_secure'] ? true : false) + :secure => (Redmine::Configuration['autologin_cookie_secure'] ? true : false), + :httponly => true } cookies[cookie_name] = cookie_options end -- 2.39.5