[Webkit-unassigned] [Bug 10957] HttpOnly Cookie Option
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Mon Nov 17 09:38:32 PST 2008
https://bugs.webkit.org/show_bug.cgi?id=10957
------- Comment #25 from darin at apple.com 2008-11-17 09:38 PDT -------
(In reply to comment #24)
> http://www.owasp.org/index.php/HTTPOnly is also a great reference. Complete
> implementation includes read and write prevention of HttpOnly cookies though
> document.cookie, as well as prevention of reading or writing HttpOnly cookies
> via a XMLHTTPRequest.
That page doesn't mention prevention of writing HttpOnly cookies vis
XMLHttpRequest. Should that really be prevented? Does any browser currently do
that?
--
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
More information about the webkit-unassigned
mailing list