Tighten up cookie security

Mark all cookies as Secure, and the cookies which are not modified client side as HttpOnly.
2021-02-19 18:18:13 +00:00 · 2021-02-19 18:18:13 +00:00 · f91dd6afc2
commit f91dd6afc2
parent 56a2aa8efa
3 changed files with 4 additions and 11 deletions
--- a/app/assets/javascripts/index/directions.js
+++ b/app/assets/javascripts/index/directions.js
@ -334,7 +334,7 @@ OSM.Directions = function (map) {

  select.on("change", function (e) {
    chosenEngine = engines[e.target.selectedIndex];
-    $.cookie("_osm_directions_engine", chosenEngine.id, { expires: expiry, path: "/" });
+    $.cookie("_osm_directions_engine", chosenEngine.id, { secure: true, expires: expiry, path: "/" });
    getRoute(true, true);
  });