[SECURITY] Make InstallTool session cookie HTTP-only 95/59095/2
authorOliver Hader <oliver@typo3.org>
Tue, 11 Dec 2018 09:56:24 +0000 (10:56 +0100)
committerOliver Hader <oliver.hader@typo3.org>
Tue, 11 Dec 2018 09:56:26 +0000 (10:56 +0100)
commita5359491e3fb3164a6ba96a66c8e67fbb9971a4c
tree949d634a29051dac05d44d4d2dec0ef299c937eb
parente4143195e1451630f058a58ab62d92135948a927
[SECURITY] Make InstallTool session cookie HTTP-only

Resolves: #86955
Releases: master, 8.7, 7.6, 6.2
Security-Commit: c7326315b4c80d8563419be040c8a2435ed925ea
Security-Bulletin: TYPO3-CORE-SA-2018-009
Change-Id: I669fdd0de055554511c39de6c0f3f1efd19874b9
Reviewed-on: https://review.typo3.org/59095
Reviewed-by: Oliver Hader <oliver.hader@typo3.org>
Tested-by: Oliver Hader <oliver.hader@typo3.org>
typo3/sysext/install/Classes/Service/SessionService.php