Re: [XMLHttpRequest-tests][eventsource-tests][websockets-tests] Set httponly for cookies to enhance security (#1082) from Hallvord R. M. Steen on 2014-06-30 (public-web-platform-tests-notifications@w3.org from June 2014)

From: Hallvord R. M. Steen <web-platform-tests-notifications@w3.org>
Date: Mon, 30 Jun 2014 11:36:02 GMT
To: public-web-platform-tests-notifications@w3.org
Message-Id: <<web-platform-tests_issue_1082_1404128162863@w3.org>>

This may break a current or future use of those resource files. We may have or want to write tests that use JavaScript to read cookies. Also, these cookies are not security-sensitive - they are merely set for testing - so there's no gain in making them httponly.

Feel free to add a separate resource file dedicated to testing httponly cookies if you need this!

View on GitHub: https://github.com/w3c/web-platform-tests/pull/1082#issuecomment-47521470

Received on Monday, 30 June 2014 11:36:11 UTC