Manual:$wgCookieHttpOnly/cs

Podrobnosti
Nastaví příznak  u všech souborů cookie nastavených MediaWiki (pro zamezení přístupu z JavaScriptu viz část 6.1.2.6 z ). This can mitigate some classes of XSS attacks.

Browsers known to support HttpOnly

 * IE/Win 6 SP1 or 7
 * Firefox 2.0.0.5+
 * Opera 9.50 beta
 * Konqueror (3.4?)

Browsers known to ignore HttpOnly
Browsers that don't understand HttpOnly cookies should still store and use the cookie as normal, but will still expose them to JavaScript code.


 * Safari 3.1
 * Opera 9.27 ( current non-Beta release )
 * Old scary browsers like IE for Mac and Netscape 4 ;)