[wp-trac] [WordPress Trac] #52639: Add proper Security Attributes to the Cookies set by WordPress
WordPress Trac
noreply at wordpress.org
Wed Feb 24 14:14:27 UTC 2021
#52639: Add proper Security Attributes to the Cookies set by WordPress
-------------------------------+-------------------------------
Reporter: isaumya | Owner: (none)
Type: enhancement | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Security | Version:
Severity: normal | Resolution:
Keywords: reporter-feedback | Focuses: coding-standards
-------------------------------+-------------------------------
Comment (by isaumya):
Hi @SergeyBiryukov,
Thanks a lot for your reply. As you said mentioned above I am glad to know
that `SameSite` is planned for upcoming future release. And I am glad to
know that `Secure` is being added to most cookies. But `HttpOnly` is still
missing on many cookies. For example `wordpress_test_cookie`, `wp-
settings-2`, `wp-settings-time-2` etc. don't have `HttpOnly` set.
[[Image(https://i.imgur.com/RGBRvMO.png)]]
So, why `HttpOnly` is missing for them?
--
Ticket URL: <https://core.trac.wordpress.org/ticket/52639#comment:3>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list