ENHANCEMENT 'bypassStaticCache' cookie set in Versioned is limited to httpOnly flag (no access by JS) to improve clientside security

git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@114568 467b73ca-7a2a-4603-9d3b-597d59a354a9
2024-10-22 14:05:37 +02:00 · 2010-12-06 00:29:20 +00:00 · 2010-12-06 00:29:20 +00:00 · 1222b4d146
commit 1222b4d146
parent 562eeee790
1 changed files with 2 additions and 2 deletions
--- a/core/model/Versioned.php
+++ b/core/model/Versioned.php
@ -693,9 +693,9 @@ class Versioned extends DataObjectDecorator {

 		if(!headers_sent()) {
 			if(Versioned::current_stage() == 'Live') {
-				Cookie::set('bypassStaticCache', null, 0);
+				Cookie::set('bypassStaticCache', null, 0, null, null, false, true /* httponly */);
 			} else {
-				Cookie::set('bypassStaticCache', '1', 0);
+				Cookie::set('bypassStaticCache', '1', 0, null, null, false, true /* httponly */);
 			}
 		}
 	}