authorGravatar Dylan Simon <dylan@dylex.net>2011-09-14 17:30:42 -0400
committerGravatar Dylan Simon <dylan@dylex.net>2011-09-17 23:39:45 -0400
commita964be6bd96583f8735fd297856f1c9845850f6a (patch)
tree332bf3ed489975a76b53d92e6103df306247e919 /src/cookie-jar.c
parent23dbcac12ebfd4391132dd27e646fcf892108502 (diff)
preserve HttpOnly flag on cookies to prevent XSS attacks
Diffstat (limited to 'src/cookie-jar.c')
-rw-r--r--src/cookie-jar.c4
1 files changed, 3 insertions, 1 deletions
diff --git a/src/cookie-jar.c b/src/cookie-jar.c
index dd9585b..2f6be83 100644
--- a/src/cookie-jar.c
+++ b/src/cookie-jar.c
@@ -40,7 +40,9 @@ changed(SoupCookieJar *jar, SoupCookie *old_cookie, SoupCookie *new_cookie) {
* command because otherwise a loop would occur when a cookie change is
* propagated to other uzbl instances using add/delete_cookie. */
if(!uzbl_jar->in_manual_add) {
- gchar *scheme = cookie->secure ? "https" : "http";
+ gchar *scheme = cookie->secure
+ ? cookie->http_only ? "httpsOnly" : "https"
+ : cookie->http_only ? "httpOnly" : "http";
gchar *expires = NULL;
if(cookie->expires)