Closed
Bug 652038
Opened 13 years ago
Closed 13 years ago
anoncsrf cookie needs to be httponly and secure
Categories
(addons.mozilla.org Graveyard :: Code Quality, defect, P3)
addons.mozilla.org Graveyard
Code Quality
Tracking
(Not tracked)
VERIFIED
FIXED
6.0.8
People
(Reporter: clouserw, Assigned: jbalogh)
Details
Attachments
(1 file)
265.62 KB,
image/png
|
Details |
Could probably piggyback SESSION_COOKIE_SECURE if you wanted.
Assignee | ||
Comment 1•13 years ago
|
||
https://github.com/mozilla/django-session-csrf/commit/e47cb576 It was already httponly, now it's secure if the request looks secure.
Status: NEW → RESOLVED
Closed: 13 years ago
Resolution: --- → FIXED
Comment 2•13 years ago
|
||
verified @ https://addons-next.allizom.org/en-US/firefox/users/edit See post-fix screenshot.
Status: RESOLVED → VERIFIED
Comment 3•13 years ago
|
||
Updated•8 years ago
|
Product: addons.mozilla.org → addons.mozilla.org Graveyard
You need to log in
before you can comment on or make changes to this bug.
Description
•