
Peter Suter committed ff993d1 Merge

Merge with trunk

  • Parent commits 9ca7038, 47f4cf8


Files changed (3)

File trac/web/auth.py

                                              or req.base_path or '/'
         if self.env.secure_cookies:
             req.outcookie['trac_auth']['secure'] = True
+        if sys.version_info >= (2, 6):
+            req.outcookie['trac_auth']['httponly'] = True
         if self.auth_cookie_lifetime > 0:
             req.outcookie['trac_auth']['expires'] = self.auth_cookie_lifetime
 
         req.outcookie['trac_auth']['expires'] = -10000
         if self.env.secure_cookies:
             req.outcookie['trac_auth']['secure'] = True
+        if sys.version_info >= (2, 6):
+            req.outcookie['trac_auth']['httponly'] = True
 
     def _cookie_to_name(self, req, cookie):
         # This is separated from _get_name_for_cookie(), because the
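Review bot: The `sys.version_info >= (2, 6)` guard added in both cookie paths of this section means an older interpreter still issues `trac_auth` without HttpOnly, and nothing records that downgrade; the same guard is repeated in trac/web/main.py and trac/web/session.py. Only the session.py section shows `import sys` being added, so it is worth confirming that auth.py and main.py already import it, because otherwise the new lines would raise NameError whenever these cookies are set. One shared helper, for example `def set_httponly(morsel):` wrapping the version check, would keep the four call sites consistent and give a single place to log when the flag cannot be set. Both enclosing functions start outside the visible lines.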

File trac/web/main.py

             req.outcookie['trac_form_token']['path'] = req.base_path or '/'
             if self.env.secure_cookies:
                 req.outcookie['trac_form_token']['secure'] = True
+            if sys.version_info >= (2, 6):
+                req.outcookie['trac_form_token']['httponly'] = True
             return req.outcookie['trac_form_token'].value
 
     def _pre_process_request(self, req, chosen_handler):
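Review bot: Marking `trac_form_token` HttpOnly means page script can no longer read the anti-CSRF token from `document.cookie`, which the hunk does not account for. That is the safer default as long as templates and any XHR code take the token from the rendered form field, but nothing visible here shows that, so plugins or scripts that read the cookie directly should be checked before release. A comment above the new lines would record the intent, e.g. `# HttpOnly: clients must take the token from the form field, not the cookie`. The enclosing function starts outside the hunk.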

File trac/web/session.py

 
 from __future__ import with_statement
 
+import sys
 import time
 
 from trac.admin.api import console_date_format
         self.req.outcookie[COOKIE_KEY]['expires'] = expires
         if self.env.secure_cookies:
             self.req.outcookie[COOKIE_KEY]['secure'] = True
+        if sys.version_info >= (2, 6):
+            self.req.outcookie[COOKIE_KEY]['httponly'] = True
 
     def get_session(self, sid, authenticated=False):
         refresh_cookie = False