From 80d0a1f5207378f80e7c851fba13396b6f78f785 Mon Sep 17 00:00:00 2001
From: Joris
Date: Fri, 28 Feb 2020 11:29:31 +0100
Subject: Update login cookie to be http only

The login cookie should not be used from the client in JavaScript.
---
 server/src/Cookie.hs | 1 +
 1 file changed, 1 insertion(+)

diff --git a/server/src/Cookie.hs b/server/src/Cookie.hs
index f79a1fa..00d73f2 100644
--- a/server/src/Cookie.hs
+++ b/server/src/Cookie.hs
@@ -34,6 +34,7 @@ makeSimpleCookie conf name value =
 , setCookieValue = TS.encodeUtf8 value
 , setCookiePath = Just $ TS.encodeUtf8 "/"
 , setCookieSecure = Conf.https conf
+ , setCookieHttpOnly = True
 }

 setCookie :: (Monad m) => SetCookie -> ActionT e m ()
-- 
cgit v1.2.3
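Review bot: The fields visible in this hunk of `makeSimpleCookie` set `Secure` and now `HttpOnly` but no `SameSite` attribute, so whether the login cookie accompanies cross-site requests is left to browser defaults; consider adding `, setCookieSameSite = Just sameSiteLax` next to the new line (both names are exported by `Web.Cookie`). The start of the record and of the function lie outside the hunk, so a `SameSite` setting there cannot be ruled out. Since `makeSimpleCookie` reads like a general helper, the flag now applies to every cookie built through it; a comment such as `-- HttpOnly: the login cookie must never be readable from client-side JavaScript` above the field would record the intent for anyone who later adds a cookie the client does need to read. Note also that `setCookieSecure` follows `Conf.https conf`, so a deployment with that setting off would still send this cookie over plain HTTP.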