Closed asolntsev closed 6 years ago
@perwendel @tipsy @jakaarl @joatmon @M-Razavi ping
@perwendel PING!
@perwendel Hello! Is anybody alive?
@asolntsev Hey, two questions:
Response.cookie
where httpOnly
can be set on individual cookies?@perwendel
httpOnly
is not set by default, but it should be.httpOnly
only to his own cookies using Response.cookie
. But user cannot add httpOnly
to the session cookie (which is created by Jetty deep inside the framework).@asolntsev get it! Thanks!
This is an improvement for PR https://github.com/perwendel/spark/pull/965 from @M-Razavi
In this PR, I
HttpOnly
flag (just in case, probably somebody will need it).