[wp-trac] [WordPress Trac] #61322: HTTPOnly attribute for WP Test Cookies
WordPress Trac
noreply at wordpress.org
Tue Jan 21 13:17:48 UTC 2025
#61322: HTTPOnly attribute for WP Test Cookies
-------------------------------------------+--------------------------
Reporter: earthman100 | Owner: johnbillion
Type: feature request | Status: closed
Priority: normal | Milestone: 6.8
Component: Security | Version:
Severity: normal | Resolution: fixed
Keywords: has-patch needs-testing early | Focuses:
-------------------------------------------+--------------------------
Changes (by johnbillion):
* status: reviewing => closed
* resolution: => fixed
Comment:
In [changeset:"59671" 59671]:
{{{
#!CommitTicketReference repository="" revision="59671"
Security: Set the HttpOnly flag for the test cookie and the `wp_lang`
cookie on the login screen.
These cookies are only accessed server-side and don't need to be exposed
to JavaScript in the browser.
Props earthman100, kevinlearynet
Fixes #61322
}}}
--
Ticket URL: <https://core.trac.wordpress.org/ticket/61322#comment:7>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list