Skip to:
Content

BuddyPress.org

Opened 4 years ago

Closed 4 years ago

Last modified 3 years ago

#6961 closed enhancement (fixed)

Support HttpOnly and Secure cookies

Reported by: DJPaul Owned by: djpaul
Milestone: 2.6 Priority: normal
Severity: normal Version:
Component: Core Keywords:
Cc:

Description

via https://buddypress.org/support/topic/cookie-bp-activity-oldestpage-httponly-and-or-secure/

We have the following cookies:

  • bp-message
  • bp-message-type
  • bp_new_group_id
  • bp_completed_create_steps
  • bp_messages_send_to
  • bp_messages_subject
  • bp_messages_content

Change History (4)

#1 @DJPaul
4 years ago

...and more in the theme JS.

#2 @djpaul
4 years ago

  • Owner set to djpaul
  • Resolution set to fixed
  • Status changed from new to closed

In 10654:

Support secure cookies.

If the site is served over HTTPS, mark our cookies as secure.

Fixes #6961

Props DJPaul, w3dzign

#3 @DJPaul
4 years ago

I've added Secure cookie support, but not HttpOnly because some (maybe all) are accessed with Javascript -- certainly the theme ones, and the group wizard cookies are good contenders for someone accessing with Javascript. I haven't time to audit all the cookies in that level of detail at the moment, so maybe we can do that in the future, perhaps when we rework the template pack. ;)

#4 @DJPaul
3 years ago

  • Component changed from Component - Any/All to Core
Note: See TracTickets for help on using tickets.