aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorJoris2020-02-28 11:29:31 +0100
committerJoris2020-02-28 11:29:45 +0100
commit80d0a1f5207378f80e7c851fba13396b6f78f785 (patch)
treefb2c7a9ea4e1c0edb83c3668b388fad4d2ad1d64
parent1770604df99a2071163dd2e24cae0befca528749 (diff)
Update login cookie to be http only
The login cookie should not be used from the client in JavaScript.
Diffstat
-rw-r--r--server/src/Cookie.hs1
1 files changed, 1 insertions, 0 deletions
diff --git a/server/src/Cookie.hs b/server/src/Cookie.hs
index f79a1fa..00d73f2 100644
--- a/server/src/Cookie.hs
+++ b/server/src/Cookie.hs
@@ -34,6 +34,7 @@ makeSimpleCookie conf name value =
, setCookieValue = TS.encodeUtf8 value
, setCookiePath = Just $ TS.encodeUtf8 "/"
, setCookieSecure = Conf.https conf
+ , setCookieHttpOnly = True
}
setCookie :: (Monad m) => SetCookie -> ActionT e m ()
generated by cgit v1.2.3 (git 2.25.1) at 2024-11-22 07:39:32 +0000