[FEATURE] Enable cookieHttpOnly by default 22/25122/3
authorTomita Militaru <militarutomita@gmail.com>
Sat, 2 Nov 2013 09:39:02 +0000 (11:39 +0200)
committerSteffen Müller <typo3@t3node.com>
Sun, 3 Nov 2013 13:15:43 +0000 (14:15 +0100)
commit227a4b3436aa295e7cd3e4c71e86c94141d14e88
tree98f90bc8c16221304862b485864433e3bd210e11
parent8e1d6bd0e0c70ba0c827d17945d07327472dde75
[FEATURE] Enable cookieHttpOnly by default

Enable cookieHttpOnly by default, which prevents
JavaScript from accessing the session cookie

Resolves: #24647
Releases: 6.2
Change-Id: Id000c9221232aeae325c82db079539564cd36b93
Reviewed-on: https://review.typo3.org/25122
Reviewed-by: Ingo Schmitt
Reviewed-by: Oliver Klee
Reviewed-by: Wouter Wolters
Reviewed-by: Steffen Müller
Tested-by: Steffen Müller
typo3/sysext/core/Configuration/DefaultConfiguration.php