[Webkit-unassigned] [Bug 10957] HttpOnly Cookie Option

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Mon Nov 17 09:38:32 PST 2008


------- Comment #25 from darin at apple.com  2008-11-17 09:38 PDT -------
(In reply to comment #24)
> http://www.owasp.org/index.php/HTTPOnly is also a great reference. Complete
> implementation includes read and write prevention of HttpOnly cookies though
> document.cookie, as well as prevention of reading or writing HttpOnly cookies
> via a XMLHTTPRequest.

That page doesn't mention prevention of writing HttpOnly cookies vis
XMLHttpRequest. Should that really be prevented? Does any browser currently do

Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

More information about the webkit-unassigned mailing list