1 new commit in galaxy-central: https://bitbucket.org/galaxy/galaxy-central/changeset/dc749983abdf/ changeset: dc749983abdf user: dannon date: 2012-09-17 18:27:03 summary: Prevent galaxy session cookie from being accessed via script. We don't use it via js anywhere, only other cookies specifically set for dynatree/genetrack. affected #: 1 file
diff -r 38015598badbfe47112bda3d6894a5a2c9bc9200 -r dc749983abdf243d6ff9a8295d917a2cec475771 lib/galaxy/web/framework/__init__.py
--- a/lib/galaxy/web/framework/__init__.py
+++ b/lib/galaxy/web/framework/__init__.py
@@ -347,6 +347,7 @@
 tstamp = time.localtime ( time.time() + 3600 * 24 * age )
 self.response.cookies[name]['expires'] = time.strftime( '%a, %d-%b-%Y %H:%M:%S GMT', tstamp )
 self.response.cookies[name]['version'] = version
+ self.response.cookies[name]['httponly'] = True
 def _ensure_valid_session( self, session_cookie, create=True):
 """
 Ensure that a valid Galaxy session exists and is available as
Repository URL: https://bitbucket.org/galaxy/galaxy-central/ -- This is a commit notification from bitbucket.org. You are receiving this because you have the service enabled, addressing the recipient of this email.
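Review bot: The cookie set in this hunk gains `httponly`, but no `secure` attribute appears in the visible lines, so the session cookie would still travel over plain HTTP, where a network observer can read it; HttpOnly does not cover that. Consider also setting `self.response.cookies[name]['secure'] = True` when the deployment is served over HTTPS. The flag is applied to whatever `name` is passed in, not only the session cookie, so it is worth confirming that the dynatree/genetrack cookies the description says are read from JavaScript are not set through this path. The enclosing function begins above the hunk, so its signature and any earlier attribute assignments are not visible here.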