1 2 3 4 5 6 7 | from django.conf import settings
class cookie_httponly:
def process_response(self, request, response):
if response.cookies.has_key(settings.SESSION_COOKIE_NAME):
response.cookies[settings.SESSION_COOKIE_NAME]['httponly'] = True
return response
|
Comments
+1.
You know it is a bit odd that Django has not adapted this the right way, that is by adding it to the Set-Cookie header in the first place.
If anyone else is interested about this see also the article about importance of this in Coding Horror, and the ticket #3304 in Django ticket system about the addition of HttpOnly.
#