Closed Bug 652038 Opened 13 years ago Closed 13 years ago

anoncsrf cookie needs to be httponly and secure

Categories: addons.mozilla.org Graveyard :: Code Quality, defect, P3

Tracking: Not tracked

Status: VERIFIED FIXED

People: Reporter: clouserw, Assigned: jbalogh

Attachments: 1 file

Could probably piggyback SESSION_COOKIE_SECURE if you wanted.
https://github.com/mozilla/django-session-csrf/commit/e47cb576

It was already httponly, now it's secure if the request looks secure.
Status: NEW → RESOLVED
Closed: 13 years ago
Resolution: --- → FIXED
verified @ https://addons-next.allizom.org/en-US/firefox/users/edit

See post-fix screenshot.
Status: RESOLVED → VERIFIED
Attached image post-fix screenshot
Product: addons.mozilla.org → addons.mozilla.org Graveyard
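
An added example, not part of the original bug or of django-session-csrf: a check in the spirit of the verification above, which parses Set-Cookie headers with Python's http.cookies and reports whether the anoncsrf cookie carries HttpOnly and, on HTTPS responses, Secure. The function name audit_cookie and the sample headers are constructed for illustration.

```python
from http.cookies import SimpleCookie

COOKIE_NAME = "anoncsrf"  # cookie named in this bug's title


def audit_cookie(set_cookie_headers, request_is_secure, name=COOKIE_NAME):
    """Return a list of problems with the named cookie's flags.

    HttpOnly is always required. Secure is required only when the request
    was made over HTTPS, matching "secure if the request looks secure".
    audit_cookie is a hypothetical helper, not a django-session-csrf API.
    """
    problems = []
    found = False
    for header in set_cookie_headers:
        jar = SimpleCookie()
        jar.load(header)  # parses one Set-Cookie header value
        morsel = jar.get(name)
        if morsel is None:
            continue  # a different cookie; ignore it
        found = True
        # Flag attributes parse to True when present, "" when absent.
        if not morsel["httponly"]:
            problems.append("missing HttpOnly")
        if request_is_secure and not morsel["secure"]:
            problems.append("missing Secure on an HTTPS response")
    if not found:
        problems.append("cookie not set")
    return problems


# Constructed sample headers, not captured from the real site.
BEFORE_FIX = ["anoncsrf=constructedvalue; Path=/; HttpOnly"]
AFTER_FIX = ["anoncsrf=constructedvalue; Path=/; HttpOnly; Secure"]
OTHER_ONLY = ["sessionid=constructedvalue; Path=/; HttpOnly; Secure"]

if __name__ == "__main__":
    for label, headers in [("before", BEFORE_FIX), ("after", AFTER_FIX)]:
        print(label, audit_cookie(headers, request_is_secure=True) or "ok")
```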