#6961 closed enhancement (fixed)
Support HttpOnly and Secure cookies
Reported by: | DJPaul | Owned by: | djpaul |
---|---|---|---|
Milestone: | 2.6 | Priority: | normal |
Severity: | normal | Version: | |
Component: | Core | Keywords: | |
Cc: |
Description
via https://buddypress.org/support/topic/cookie-bp-activity-oldestpage-httponly-and-or-secure/
We have the following cookies:
- bp-message
- bp-message-type
- bp_new_group_id
- bp_completed_create_steps
- bp_messages_send_to
- bp_messages_subject
- bp_messages_content
Change History (4)
#2
@
9 years ago
- Owner set to djpaul
- Resolution set to fixed
- Status changed from new to closed
In 10654:
#3
@
9 years ago
I've added Secure cookie support, but not HttpOnly because some (maybe all) are accessed with Javascript -- certainly the theme ones, and the group wizard cookies are good contenders for someone accessing with Javascript. I haven't time to audit all the cookies in that level of detail at the moment, so maybe we can do that in the future, perhaps when we rework the template pack. ;)
Note: See
TracTickets for help on using
tickets.
...and more in the theme JS.