[Koha-bugs] [Bug 9102] [SECURITY] We should set httponly on our session cookie

bugzilla-daemon at bugs.koha-community.org
Wed Jan 16 05:54:32 CET 2013


http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=9102

Galen Charlton <gmcharlt at gmail.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |gmcharlt at gmail.com

--- Comment #14 from Galen Charlton <gmcharlt at gmail.com> ---
I've spent quite a bit of time reviewing the second patch.  I'm about ready to
sign off on it, but I've identified some JavaScript related to tags that
expects to read the CGISESSID cookie.  Fortunately, it doesn't actually need to
in order to work, but I want to remove references to it.

The offending bits of JavaScript are contained in three files:

koha-tmpl/intranet-tmpl/prog/en/modules/tags/review.tt
koha-tmpl/opac-tmpl/prog/en/js/tags.js
koha-tmpl/opac-tmpl/ccsr/en/js/tags.js

-- 
You are receiving this mail because:
You are watching all bug changes.
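
As an added example (not part of the original message and not Koha code), the two checks this review step implies: confirm that the `Set-Cookie` header for `CGISESSID` carries `HttpOnly`, and list the lines of client-side JavaScript that still try to read the cookie. The helper names, header values and script text below are constructed for illustration.

```javascript
// Added example: helper names and all sample inputs are constructed.

// Return the required attributes missing from the Set-Cookie header that
// sets `name`, or null if none of the headers sets that cookie.
function missingCookieFlags(setCookieHeaders, name, required = ['httponly']) {
  for (const header of setCookieHeaders) {
    const [pair, ...attrs] = header.split(';').map(s => s.trim());
    const eq = pair.indexOf('=');
    if (eq < 0 || pair.slice(0, eq) !== name) continue;
    // Attribute names are case-insensitive; drop any "=value" part.
    const present = new Set(attrs.map(a => a.split('=')[0].trim().toLowerCase()));
    return required.filter(flag => !present.has(flag));
  }
  return null;
}

// Return the lines of `source` that read document.cookie or mention the
// cookie by name. Once HttpOnly is set, such reads no longer see the cookie.
function findCookieReads(source, name) {
  const hits = [];
  source.split('\n').forEach((text, i) => {
    if (text.includes('document.cookie')) {
      hits.push({ line: i + 1, reason: 'document.cookie' });
    } else if (text.includes(name)) {
      hits.push({ line: i + 1, reason: name });
    }
  });
  return hits;
}

// Constructed sample: a session cookie header before and after the fix.
const headerBefore = ['CGISESSID=0123456789abcdef; path=/'];
const headerAfter = ['CGISESSID=0123456789abcdef; path=/; HttpOnly'];

// Constructed sample: script that expects to read the session cookie.
const sampleJs = [
  "function readCookie(name) {",
  "  var m = document.cookie.match(new RegExp('(?:^|; )' + name + '=([^;]*)'));",
  "  return m ? m[1] : null;",
  "}",
  "var sessionId = readCookie('CGISESSID');",
  "$.post('/tags', { tag: 'history' });",
].join('\n');

console.log(missingCookieFlags(headerBefore, 'CGISESSID'));
console.log(missingCookieFlags(headerAfter, 'CGISESSID'));
console.log(findCookieReads(sampleJs, 'CGISESSID'));
```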

