Change in ovirt-engine[ovirt-engine-3.5]: restapi: Add HttpOnly flag to session cookie

piotr.kliczewski at gmail.com piotr.kliczewski at gmail.com
Fri Sep 12 10:10:21 UTC 2014


Piotr Kliczewski has submitted this change and it was merged.

Change subject: restapi: Add HttpOnly flag to session cookie
......................................................................


restapi: Add HttpOnly flag to session cookie

The CSRF protection mechanism has been implemented in a way that doesn't
require reading the value of this cookie, so the flag can be enabled
now.

Change-Id: Id0a315fda675ec2c606589f9028d7284d68496d5
Signed-off-by: Juan Hernandez <juan.hernandez at redhat.com>
---
M backend/manager/modules/restapi/webapp/src/main/webapp/WEB-INF/web.xml
1 file changed, 4 insertions(+), 0 deletions(-)

Approvals:
  Juan Hernandez: Verified; Looks good to me, approved



-- 
To view, visit http://gerrit.ovirt.org/32840
To unsubscribe, visit http://gerrit.ovirt.org/settings

Gerrit-MessageType: merged
Gerrit-Change-Id: Id0a315fda675ec2c606589f9028d7284d68496d5
Gerrit-PatchSet: 1
Gerrit-Project: ovirt-engine
Gerrit-Branch: ovirt-engine-3.5
Gerrit-Owner: Juan Hernandez <juan.hernandez at redhat.com>
Gerrit-Reviewer: Alexander Wels <awels at redhat.com>
Gerrit-Reviewer: Juan Hernandez <juan.hernandez at redhat.com>
Gerrit-Reviewer: Piotr Kliczewski <piotr.kliczewski at gmail.com>



More information about the Engine-commits mailing list