Skip to content

fix: use httponly flag on coder_signed_app_token cookie #18989

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Jul 22, 2025
Merged

fix: use httponly flag on coder_signed_app_token cookie #18989

merged 1 commit into from
Jul 22, 2025

Conversation

deansheather
Copy link
Member

This cookie is only used by the server, not by any JS code anywhere.

jdomeracki-coder
jdomeracki-coder approved these changes Jul 22, 2025
View reviewed changes
Copy link
Contributor

@jdomeracki-coder jdomeracki-coder left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

+1, as discussed on Discord

@deansheather deansheather merged commit 62dc831 into main Jul 22, 2025
33 checks passed
@deansheather deansheather deleted the dean/cookie-http-only branch July 22, 2025 12:44
@github-actions github-actions bot locked and limited conversation to collaborators Jul 22, 2025
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@Emyrk Emyrk Emyrk approved these changes

@jdomeracki-coder jdomeracki-coder jdomeracki-coder approved these changes

Assignees

@deansheather deansheather

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@deansheather @Emyrk @jdomeracki-coder