Make reddit login cookie HTTP only.

2026-01-25 14:58:27 -05:00 · 2012-11-14 12:46:16 -08:00
parent b06dc9b8f1
commit 79358e95b3
1 changed files with 2 additions and 1 deletions
--- a/r2/r2/controllers/reddit_base.py
+++ b/r2/r2/controllers/reddit_base.py
@@ -792,7 +792,8 @@ class RedditController(MinimalController):
    @staticmethod
    def login(user, rem=False):
        c.cookies[g.login_cookie] = Cookie(value = user.make_cookie(),
-                                           expires = NEVER if rem else None)
+                                           expires = NEVER if rem else None,
+                                           httponly=True)

    @staticmethod
    def logout():