Opened 11 years ago
Closed 10 years ago
#11171 closed enhancement (wontfix)
Reintroduce httponly_cookies configuration option.
| Reported by: | Owned by: | ||
|---|---|---|---|
| Priority: | normal | Milestone: | |
| Component: | general | Version: | |
| Severity: | normal | Keywords: | |
| Cc: | Branch: | ||
| Release Notes: | |||
| API Changes: | |||
| Internal Changes: | |||
Description
As previously discussed in ticket #10453 all cookies got a HttpOnly attribute set on. By that time, there weren't known plugins or macros, that would need trac_auth or trac_form_token cookies, so the option was hardcoded to be always True.
Here's one Macro, that requires cookie visibility:
https://projects.developer.nokia.com/TracKanbanBoard
Therefore I'm reintroducing the dropped configuration option in attached diff.
Attachments (1)
Change History (3)
by , 11 years ago
| Attachment: | http_only.diff added |
|---|
comment:1 by , 11 years ago
| Milestone: | 1.0.2 |
|---|
Milestone should be set by a Trac committer, if someone chooses to pick this one up. Unsetting the milestone for now.
comment:2 by , 10 years ago
| Resolution: | → wontfix |
|---|---|
| Status: | new → closed |
The plugin should use req.authname == 'anonymous' and add_script_data(req, {'kanban_require_login': True}) in KanbanBoardMacro rather than accessing document.cookie in kanbanboard.js.
http_only patch