zero-24 / plg_system_httpheader

This is a Joomla Plugin that provides setting of HTTP Headers

Feature request: Secure and HttpOnly cookies #25

Closed by pe7er 5 years ago

pe7er commented 5 years ago

I am not sure if this feature fits within the scope of this plugin :-)

I would like to add an HTTP header for "HttpOnly cookies" as described in

The plugin has an option to specify & force HTTP headers. However, for this HttpOnly cookies specification, you'll need the cookie name + value (which both can change).

Is it possible (and useful) to add this option, together with retrieving the right names + values from Joomla?

Thanks!

pe7er commented 5 years ago

Maybe the following can be added to your plugin? https://groups.google.com/d/msg/joomla-dev-cms/5BWPRyqb0o4/JY6-BytQy-AJ

pe7er commented 5 years ago

I tried to add the method mentioned in the Google Group myself, but I couldn't get it to work. Furthermore I heard that it's only being used by MSIE, so IMHO it's probably not worth the time...

zero-24 commented 5 years ago

Hmm, I'm not sure whether we should mess with the cookies set by some other extension here, as we can't know whether we can force a secure or httpOnly flag.

I would suggest that the cookies that get set just use the Joomla API which offers the option to set the secure and http only flag: https://github.com/joomla/joomla-cms/blob/staging/libraries/src/Input/Cookie.php#L50-L89

Or I'm just getting you wrong?

pe7er commented 5 years ago

Yeah, you are right. I got the question about implementing HttpOnly and thought it could be done with your plugin. But the more I read & think about it, the less good it seems.

Thanks for looking into it! I'm closing this issue...