aboutsummaryrefslogtreecommitdiff
path: root/server/src
diff options
context:
space:
mode:
authorJoris2020-02-28 11:29:31 +0100
committerJoris2020-02-28 11:29:45 +0100
commit80d0a1f5207378f80e7c851fba13396b6f78f785 (patch)
treefb2c7a9ea4e1c0edb83c3668b388fad4d2ad1d64 /server/src
parent1770604df99a2071163dd2e24cae0befca528749 (diff)
Update login cookie to be http only
The login cookie should not be used from the client in JavaScript.
Diffstat (limited to 'server/src')
-rw-r--r--server/src/Cookie.hs1
1 files changed, 1 insertions, 0 deletions
diff --git a/server/src/Cookie.hs b/server/src/Cookie.hs
index f79a1fa..00d73f2 100644
--- a/server/src/Cookie.hs
+++ b/server/src/Cookie.hs
@@ -34,6 +34,7 @@ makeSimpleCookie conf name value =
, setCookieValue = TS.encodeUtf8 value
, setCookiePath = Just $ TS.encodeUtf8 "/"
, setCookieSecure = Conf.https conf
+ , setCookieHttpOnly = True
}
setCookie :: (Monad m) => SetCookie -> ActionT e m ()