Beefy Boxes and Bandwidth Generously Provided by pair Networks
more useful options
 
PerlMonks  

Cookies switched to HTTPOnly Cookies

by Co-Rion (Monk)
on Mar 22, 2017 at 17:20 UTC ( [id://1185483]=monkdiscuss: print w/replies, xml ) Need Help??

As of just now, I've switched the cookies that the Perlmonks domains set to have the HTTPOnly attribute. This means that the most trivial XSS attack won't be able to steal cookies from here, as the browser will not make the cookie available to Javascript code.

This should be testable locally by pasting the following text into your browser Javascript console while on a Perlmonks domain:

javascript:alert(document.cookies);

If the userpass cookie still shows up there, you might need to log out and log in again.

I believe this will have no ill side-effects.

If you have a genuine use-case for giving Javascript access to the site cookie, please speak up so we can discuss a work-around.

Log In?
Username:
Password:

What's my password?
Create A New User
Domain Nodelet?
Node Status?
node history
Node Type: monkdiscuss [id://1185483]
Approved by stevieb
help
Chatterbox?
and the web crawler heard nothing...

How do I use this?Last hourOther CB clients
Other Users?
Others imbibing at the Monastery: (5)
As of 2024-03-28 23:42 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    No recent polls found