Podręcznik:$wgCookieHttpOnly
Appearance
Cookies: $wgCookieHttpOnly | |
---|---|
Set the httpOnly flag on all cookies set by MediaWiki (to prevent access from JavaScript). |
|
Wprowadzono w wersji: | 1.13.0 |
Usunięto w wersji: | nadal w użyciu |
Dozwolone wartości: | (wartość logiczna) |
Domyślna wartość: | true on PHP 5.2 or later, false on earlier |
Inne ustawienia: Alfabetycznie | Według funkcji |
Szczegóły
Set the httpOnly
flag on all cookies set by MediaWiki (to prevent access from JavaScript, see section 6.1.2.6 of RFC 6265).
This can mitigate some classes of XSS attacks.
Browsers known to support HttpOnly
- IE/Win 6 SP1 lub 7
- Firefox 2.0.0.5+
- Opera 9.50 beta
- Konqueror (3.4?)
Browsers known to ignore HttpOnly
Browsers that don't understand HttpOnly cookies should still store and use the cookie as normal, but will still expose them to JavaScript code.
- Safari 3.1
- Opera 9.27 (current non-Beta release)
- Old scary browsers like IE for Mac and Netscape 4 ;)
Zobacz też