Flag to set HttpOnly property on cookies

cloudflare / nginx-google-oauth

Lua module to add Google OAuth to nginx

https://blog.cloudflare.com/

MIT License

429 stars 100 forks source link

Closed bcaller closed 7 years ago

bcaller commented 7 years ago

Protects against XSS attacks by preventing the OAuth cookies from access by JavaScript.

I made ngo_http_only_cookies similar to ngo_secure_cookies.