Set HttpOnly attribute to SID cookie

2025-08-20 21:33:27 -07:00 · 2017-03-21 15:24:41 +08:00 · 2017-03-21 15:24:41 +08:00 · e9bd75f4e1
commit e9bd75f4e1
parent 9eb01fbe4d
1 changed files with 1 additions and 0 deletions
--- a/src/webui/abstractwebapplication.cpp
+++ b/src/webui/abstractwebapplication.cpp
@ -354,6 +354,7 @@ bool AbstractWebApplication::sessionStart()
        sessions_[session_->id] = session_;

        QNetworkCookie cookie(C_SID, session_->id.toUtf8());
+        cookie.setHttpOnly(true);
        cookie.setPath(QLatin1String("/"));
        header(Http::HEADER_SET_COOKIE, cookie.toRawForm());