ENHANCEMENT 'bypassStaticCache' cookie set in Versioned is limited to httpOnly flag (no access by JS) to improve clientside security (from r114568)

git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@114572 467b73ca-7a2a-4603-9d3b-597d59a354a9
2024-10-01 05:39:10 +02:00 · 2010-12-06 00:37:23 +00:00 · 2010-12-06 00:37:23 +00:00 · f4cc316c8a
commit f4cc316c8a
parent ac4c207846
1 changed files with 2 additions and 2 deletions
--- a/core/model/Versioned.php
+++ b/core/model/Versioned.php
@ -679,9 +679,9 @@ class Versioned extends DataObjectDecorator {

 		if(!headers_sent()) {
 			if(Versioned::current_stage() == 'Live') {
-				Cookie::set('bypassStaticCache', null, 0);
+				Cookie::set('bypassStaticCache', null, 0, null, null, false, true /* httponly */);
 			} else {
-				Cookie::set('bypassStaticCache', '1', 0);
+				Cookie::set('bypassStaticCache', '1', 0, null, null, false, true /* httponly */);
 			}
 		}
 	}