From e9bd75f4e10ca37971ef26d79296903c963195fd Mon Sep 17 00:00:00 2001
From: Chocobo1 <Chocobo1@users.noreply.github.com>
Date: Tue, 21 Mar 2017 15:24:41 +0800
Subject: [PATCH] Set HttpOnly attribute to SID cookie

---
 src/webui/abstractwebapplication.cpp | 1 +
 1 file changed, 1 insertion(+)

diff --git a/src/webui/abstractwebapplication.cpp b/src/webui/abstractwebapplication.cpp
index c15599466..cb496005d 100644
--- a/src/webui/abstractwebapplication.cpp
+++ b/src/webui/abstractwebapplication.cpp
@@ -354,6 +354,7 @@ bool AbstractWebApplication::sessionStart()
         sessions_[session_->id] = session_;
 
         QNetworkCookie cookie(C_SID, session_->id.toUtf8());
+        cookie.setHttpOnly(true);
         cookie.setPath(QLatin1String("/"));
         header(Http::HEADER_SET_COOKIE, cookie.toRawForm());