Juan Hernandez has submitted this change and it was merged. Change subject: restapi: Add HttpOnly flag to session cookie ...................................................................... restapi: Add HttpOnly flag to session cookie The CSRF protection mechanism has been implemented in a way that doesn't require reading the value of this cookie, so the flag can be enabled now. Change-Id: Id0a315fda675ec2c606589f9028d7284d68496d5 Signed-off-by: Juan Hernandez <juan.hernandez@redhat.com> --- M backend/manager/modules/restapi/webapp/src/main/webapp/WEB-INF/web.xml 1 file changed, 4 insertions(+), 0 deletions(-) Approvals: Juan Hernandez: Verified Alexander Wels: Looks good to me, approved -- To view, visit http://gerrit.ovirt.org/32833 To unsubscribe, visit http://gerrit.ovirt.org/settings Gerrit-MessageType: merged Gerrit-Change-Id: Id0a315fda675ec2c606589f9028d7284d68496d5 Gerrit-PatchSet: 1 Gerrit-Project: ovirt-engine Gerrit-Branch: master Gerrit-Owner: Juan Hernandez <juan.hernandez@redhat.com> Gerrit-Reviewer: Alexander Wels <awels@redhat.com> Gerrit-Reviewer: Juan Hernandez <juan.hernandez@redhat.com> Gerrit-Reviewer: automation@ovirt.org Gerrit-Reviewer: oVirt Jenkins CI Server