
Consider setting HttpOnly flag on session cookie

Open · strugee opened this issue 7 years ago · 0 comments

I believe we should be able to do this since the web UI acquires its own OAuth tokens and does stuff with that. Although I guess if it's compromised via an XSS attack, the XSS code could maybe just steal the OAuth tokens? I think this depends on how we scope things out. I may end up filing a follow-up to audit that.

strugee · Jun 19 '18 06:06