Diffstat (limited to 'sonar-server')
-rw-r--r-- | sonar-server/src/main/webapp/WEB-INF/app/controllers/sessions_controller.rb | 2 | ||||
-rw-r--r-- | sonar-server/src/main/webapp/WEB-INF/lib/authenticated_system.rb | 3 |
2 files changed, 3 insertions, 2 deletions
diff --git a/sonar-server/src/main/webapp/WEB-INF/app/controllers/sessions_controller.rb b/sonar-server/src/main/webapp/WEB-INF/app/controllers/sessions_controller.rb index 49979d701cf..36c69d5ed1b 100644 --- a/sonar-server/src/main/webapp/WEB-INF/app/controllers/sessions_controller.rb +++ b/sonar-server/src/main/webapp/WEB-INF/app/controllers/sessions_controller.rb @@ -31,7 +31,7 @@ class SessionsController < ApplicationController if logged_in? if params[:remember_me] == '1' self.current_user.remember_me - cookies[:auth_token] = { :value => self.current_user.remember_token , :expires => self.current_user.remember_token_expires_at } + cookies[:auth_token] = { :value => self.current_user.remember_token , :expires => self.current_user.remember_token_expires_at, :http_only => true } end redirect_back_or_default(home_url) else diff --git a/sonar-server/src/main/webapp/WEB-INF/lib/authenticated_system.rb b/sonar-server/src/main/webapp/WEB-INF/lib/authenticated_system.rb index 140b12ea41a..5f6f661a660 100644 --- a/sonar-server/src/main/webapp/WEB-INF/lib/authenticated_system.rb +++ b/sonar-server/src/main/webapp/WEB-INF/lib/authenticated_system.rb @@ -197,7 +197,8 @@ module AuthenticatedSystem def send_remember_cookie! cookies[:auth_token] = { :value => @current_user.remember_token, - :expires => @current_user.remember_token_expires_at } + :expires => @current_user.remember_token_expires_at, + :http_only => true } end end |
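Review bot: The `auth_token` cookie set in the `remember_me` branch still has no `:secure` attribute, so the long-lived remember token is sent over plain HTTP whenever the server is reachable that way; `:http_only` only keeps scripts from reading it. If `request` is available here as in an ordinary Rails controller action, consider adding `:secure => request.ssl?` to the hash, which sets the flag on HTTPS deployments without breaking installs that only serve HTTP. The same gap exists in `send_remember_cookie!` in authenticated_system.rb. The enclosing action starts and ends outside this hunk.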
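Review bot: The hash built in `send_remember_cookie!` duplicates the one in SessionsController, which is why `:http_only` had to be added in two places; a later change to the cookie attributes could easily miss one copy. If SessionsController mixes in AuthenticatedSystem (not visible on this page), the controller could call the helper instead of building the hash inline. A functional test asserting that the `Set-Cookie` header for `auth_token` contains `HttpOnly` would also help, since the option key is spelled differently across Rails versions (`:http_only` vs `:httponly`) and a misspelled key may be dropped without any error. The module body continues outside this hunk.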