ENHANCEMENT 'bypassStaticCache' cookie set in Versioned is limited to httpOnly flag (no access by JS) to improve clientside security (from r114568)

git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@114572 467b73ca-7a2a-4603-9d3b-597d59a354a9
Ingo Schommer 2010-12-06 00:37:23 +00:00 committed by Sam Minnee
parent ac4c207846
commit f4cc316c8a


@ -679,9 +679,9 @@ class Versioned extends DataObjectDecorator {
if(!headers_sent()) {
if(Versioned::current_stage() == 'Live') {
Cookie::set('bypassStaticCache', null, 0);
Cookie::set('bypassStaticCache', null, 0, null, null, false, true /* httponly */);
} else {
Cookie::set('bypassStaticCache', '1', 0);
Cookie::set('bypassStaticCache', '1', 0, null, null, false, true /* httponly */);
}
}
}
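Review bot: In both new `Cookie::set()` calls the sixth argument is an unlabelled `false`. If that position is the secure flag, as the httponly argument after it suggests, the cookie is still sent over plain HTTP on sites served via HTTPS. I would label it and consider deriving it from the request scheme rather than hard-coding it, e.g. `Cookie::set('bypassStaticCache', '1', 0, null, null, false /* secure */, true /* httponly */);`. A short comment above the `if` would also help, stating that httpOnly only stops script from reading the cookie. A client can still send `bypassStaticCache=1` itself, so whatever consumes the cookie (not visible here) should treat it as a cache hint, not as proof of a non-Live stage. The enclosing method starts outside this hunk, so the path and domain used elsewhere for this cookie could not be checked against the `null, null` passed here.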