Manual:$wgCookieHttpOnly

From MediaWiki.org
Jump to navigation Jump to search
This page is a translated version of the page Manual:$wgCookieHttpOnly and the translation is 41% complete.

Other languages:
English • ‎polski • ‎日本語
Cookie: $wgCookieHttpOnly
Set the httpOnly flag on all cookies set by MediaWiki (to prevent access from JavaScript).
導入されたバージョン:1.13.0
除去されたバージョン:使用中
許容される値:(真偽値)
既定値:true on PHP 5.2 or later, false on earlier

詳細

Set the httpOnly flag on all cookies set by MediaWiki (to prevent access from JavaScript, see section 6.1.2.6 of RFC 6265). This can mitigate some classes of XSS attacks.

Browsers known to support HttpOnly

  • IE/Win 6 SP1または7
  • Firefox 2.0.0.5+
  • Opera 9.50 beta
  • Konqueror (3.4?)

Browsers known to ignore HttpOnly

Browsers that don't understand HttpOnly cookies should still store and use the cookie as normal, but will still expose them to JavaScript code.

  • Safari 3.1
  • Opera 9.27 (現状の製品版リリース (非ベータ))
  • Old scary browsers like IE for Mac and Netscape 4 ;)

関連項目

外部リンク