Handbuch:$wgCookieHttpOnly

This page is a translated version of the page Manual:$wgCookieHttpOnly and the translation is 35% complete.

Cookies: $wgCookieHttpOnly
Set the `httpOnly` flag on all cookies set by MediaWiki (to prevent access from JavaScript).
Eingeführt in Version:	1.13.0
Entfernt in Version:	Weiterhin vorhanden
Erlaubte Werte:	(Wahrheitswert)
Standardwert:	true auf PHP 5.2 und höher, false in früheren Versionen
Andere Einstellungen: Alphabetisch \| Nach Funktion

Details

Set the httpOnly flag on all cookies set by MediaWiki (to prevent access from JavaScript, see section 6.1.2.6 of RFC 6265). This can mitigate some classes of XSS attacks.

Browsers known to support HttpOnly

IE/Win 6 SP1 or 7

Firefox 2.0.0.5+
Opera 9.50 beta
Konqueror (3.4?)

Browsers known to ignore HttpOnly

Browsers that don't understand HttpOnly cookies should still store and use the cookie as normal, but will still expose them to JavaScript code.

Safari 3.1
Opera 9.27 (current non-Beta release)

Old scary browsers like IE for Mac and Netscape 4 ;)

Siehe auch

Handbuch:$wgCookieSecure

Externe Links