Opened 7 years ago

Closed 5 years ago

#9845 closed enhancement (wontfix)

HTTP-only cookies

Reported by: KOLANICH Owned by: pde
Priority: Medium Milestone:
Component: HTTPS Everywhere/EFF-HTTPS Everywhere Version:
Severity: Keywords: http-only, rule
Cc: Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

Some cookies of some sites (at least session) must be http-only but they are not because the admin shits on security. We need to have ability to fix it!

Child Tickets

Change History (4)

comment:1 Changed 7 years ago by KOLANICH

Component: - Select a componentEFF-HTTPS Everywhere
Keywords: http-only rule added
Owner: set to pde

comment:2 Changed 7 years ago by KOLANICH

Type: defectenhancement

comment:3 Changed 6 years ago by zyan

Hm, are you suggesting that we add an option for power-users to manually secure-flag cookies from the HTTPS Everywhere GUI? We already flag cookies as secure automatically when there's a ruleset for doing so.

comment:4 Changed 5 years ago by jsha

Resolution: wontfix
Status: newclosed
Note: See TracTickets for help on using tickets.