Bugzilla cookies HTTP only

Gervase Markham gerv at mozilla.org
Fri Jan 15 15:09:22 UTC 2010

On 14/01/10 16:53, Frédéric Buclin wrote:
> On 13. 01. 10 17:37, Gervase Markham wrote:
>> What exactly are the security benefits we get from having our cookies
>> HTTPonly?
> Read bug 368502

That bug lists lots of implementation detail, but at no point (that I
can see) explains _why_ it actually increases our security. That is the
question I am asking.

The bug basically goes:

- We should do this
- Here's a patch
- Will it break anything?
- No
- Here's a fixed patch
- Checked in
- Will it break this other thing, then?
- No, it won't break that either

There's no rationale anywhere.


