Option to disable HttpOnly on cookie? #57

tomtaylor · 2015-01-19T15:37:16Z

I'd like to share a cookie between multiple services, some of which make cross domain requests using JS. Currently, HttpOnly is set to true when the cookie is set and cleared. It'd be great to provide an option to disable this.

Instinctively, I'd set this using a -cookie-httponly flag, but there's already a -cookie-https-only flag. I'd be inclined to rename this to -cookie-secure, which I think would be closer to the expected naming, but it's a breaking change.

I'm happy to submit a PR to do this, but I wanted to check your thoughts on renaming the https flag.

The text was updated successfully, but these errors were encountered:

tomtaylor · 2015-01-19T16:13:07Z

I just went ahead and submitted the two things as separate PRs.

jehiah · 2015-01-19T19:33:32Z

closed by #58

This was referenced Jan 19, 2015

Add flag to enable/disable cookie's HttpOnly flag. #58

Merged

Rename flag to set Secure flag on cookie #59

Closed

jehiah closed this as completed Jan 19, 2015

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Option to disable HttpOnly on cookie? #57

Option to disable HttpOnly on cookie? #57

tomtaylor commented Jan 19, 2015

tomtaylor commented Jan 19, 2015

jehiah commented Jan 19, 2015

Option to disable HttpOnly on cookie? #57

Option to disable HttpOnly on cookie? #57

Comments

tomtaylor commented Jan 19, 2015

tomtaylor commented Jan 19, 2015

jehiah commented Jan 19, 2015