From 79358e95b336ad0cd735cc02b4241cef062f21c9 Mon Sep 17 00:00:00 2001
From: Max Goodman <max@reddit.com>
Date: Wed, 14 Nov 2012 12:46:16 -0800
Subject: [PATCH] Make reddit login cookie HTTP only.

---
 r2/r2/controllers/reddit_base.py | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/r2/r2/controllers/reddit_base.py b/r2/r2/controllers/reddit_base.py
index 71b633624..df8ef3c25 100644
--- a/r2/r2/controllers/reddit_base.py
+++ b/r2/r2/controllers/reddit_base.py
@@ -792,7 +792,8 @@ class RedditController(MinimalController):
     @staticmethod
     def login(user, rem=False):
         c.cookies[g.login_cookie] = Cookie(value = user.make_cookie(),
-                                           expires = NEVER if rem else None)
+                                           expires = NEVER if rem else None,
+                                           httponly=True)
 
     @staticmethod
     def logout():