author | Dylan Simon <dylan@dylex.net> | 2011-09-14 17:30:42 -0400 |
---|---|---|
committer | Dylan Simon <dylan@dylex.net> | 2011-09-17 23:39:45 -0400 |
commit | a964be6bd96583f8735fd297856f1c9845850f6a (patch) | |
tree | 332bf3ed489975a76b53d92e6103df306247e919 /src/cookie-jar.c | |
parent | 23dbcac12ebfd4391132dd27e646fcf892108502 (diff) |
preserve HttpOnly flag on cookies to prevent XSS attacks
Diffstat (limited to 'src/cookie-jar.c')
-rw-r--r-- | src/cookie-jar.c | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/src/cookie-jar.c b/src/cookie-jar.c
index dd9585b..2f6be83 100644
--- a/src/cookie-jar.c
+++ b/src/cookie-jar.c
@@ -40,7 +40,9 @@ changed(SoupCookieJar *jar, SoupCookie *old_cookie, SoupCookie *new_cookie) {
 * command because otherwise a loop would occur when a cookie change is
 * propagated to other uzbl instances using add/delete_cookie. */
 if(!uzbl_jar->in_manual_add) {
- gchar *scheme = cookie->secure ? "https" : "http";
+ gchar *scheme = cookie->secure
+ ? cookie->http_only ? "httpsOnly" : "https"
+ : cookie->http_only ? "httpOnly" : "http";
 gchar *expires = NULL;
 if(cookie->expires) |
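Review bot: An exact match on `"https"` in any consumer of this scheme string would now treat an `"httpsOnly"` cookie as non-secure, so the Secure attribute could be lost while HttpOnly is being preserved. The decoding side is not visible here (the diffstat is limited to src/cookie-jar.c), so it is worth confirming that the add_cookie path and any external cookie handler recognise both `"httpOnly"` and `"httpsOnly"`. A comment above the assignment such as `/* scheme doubles as a flag field: "http"/"https", with an "Only" suffix when HttpOnly is set */` would document the encoding for handler authors. As a style point, parenthesising the two inner conditionals and declaring `const gchar *scheme` would make the nested ternary easier to read and keep the string literals const-correct. The body of changed() continues outside the hunk.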