Update login cookie to be http only

The login cookie should not be used from the client in JavaScript.
author: Joris 2020-02-28 11:29:31 +0100
committer: Joris 2020-02-28 11:29:45 +0100
commit: 80d0a1f5207378f80e7c851fba13396b6f78f785 (patch)
tree: fb2c7a9ea4e1c0edb83c3668b388fad4d2ad1d64 /server/src
parent: 1770604df99a2071163dd2e24cae0befca528749 (diff)
download: budget-80d0a1f5207378f80e7c851fba13396b6f78f785.tar.gz
budget-80d0a1f5207378f80e7c851fba13396b6f78f785.tar.bz2
budget-80d0a1f5207378f80e7c851fba13396b6f78f785.zip
1 files changed, 1 insertions, 0 deletions
diff --git a/server/src/Cookie.hs b/server/src/Cookie.hs
index f79a1fa..00d73f2 100644
--- a/server/src/Cookie.hs
+++ b/server/src/Cookie.hs
@@ -34,6 +34,7 @@ makeSimpleCookie conf name value =
     , setCookieValue = TS.encodeUtf8 value
     , setCookiePath = Just $ TS.encodeUtf8 "/"
     , setCookieSecure = Conf.https conf
+    , setCookieHttpOnly = True
     }
 
 setCookie :: (Monad m) => SetCookie -> ActionT e m ()
author	Joris	2020-02-28 11:29:31 +0100
committer	Joris	2020-02-28 11:29:45 +0100
commit	80d0a1f5207378f80e7c851fba13396b6f78f785 (patch)
tree	fb2c7a9ea4e1c0edb83c3668b388fad4d2ad1d64 /server/src
parent	1770604df99a2071163dd2e24cae0befca528749 (diff)
download	budget-80d0a1f5207378f80e7c851fba13396b6f78f785.tar.gz budget-80d0a1f5207378f80e7c851fba13396b6f78f785.tar.bz2 budget-80d0a1f5207378f80e7c851fba13396b6f78f785.zip