From 4d975b4f882eb2a68da02e069aa1debb99073497 Mon Sep 17 00:00:00 2001 From: Paul McMillan Date: Mon, 21 Nov 2011 22:03:03 +0000 Subject: Fixed #16847. Session Cookies now default to httponly = True. git-svn-id: http://code.djangoproject.com/svn/django/trunk@17135 bcc190cf-cafb-0310-a4f2-bffc1f526a37 --- docs/ref/request-response.txt | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) (limited to 'docs/ref') diff --git a/docs/ref/request-response.txt b/docs/ref/request-response.txt index f0ec7cf237..228b69ebe2 100644 --- a/docs/ref/request-response.txt +++ b/docs/ref/request-response.txt @@ -638,7 +638,7 @@ Methods Returns ``True`` or ``False`` based on a case-insensitive check for a header with the given name. -.. method:: HttpResponse.set_cookie(key, value='', max_age=None, expires=None, path='/', domain=None, secure=None, httponly=False) +.. method:: HttpResponse.set_cookie(key, value='', max_age=None, expires=None, path='/', domain=None, secure=None, httponly=True) .. versionchanged:: 1.3 @@ -646,6 +646,10 @@ Methods ``expires``, and the auto-calculation of ``max_age`` in such case was added. The ``httponly`` argument was also added. + .. versionchanged:: 1.4 + + The default value for httponly was changed from ``False`` to ``True``. + Sets a cookie. The parameters are the same as in the :class:`Cookie.Morsel` object in the Python standard library. @@ -673,7 +677,7 @@ Methods .. _HTTPOnly: http://www.owasp.org/index.php/HTTPOnly -.. method:: HttpResponse.set_signed_cookie(key, value='', salt='', max_age=None, expires=None, path='/', domain=None, secure=None, httponly=False) +.. method:: HttpResponse.set_signed_cookie(key, value='', salt='', max_age=None, expires=None, path='/', domain=None, secure=None, httponly=True) .. versionadded:: 1.4 -- cgit v1.3