Merge "Do not set the HttpOnly flag for XSRF-token cookie"

commit: ce6ddb6a4ee187c44d73e82baeb28fadd3cda4e2 [log] [tgz]
author: Thomas Dräbing <thomas.draebing@sap.com> Wed Sep 11 13:06:00 2024 +0000
committer: Gerrit Code Review <noreply-gerritcodereview@google.com> Wed Sep 11 13:06:00 2024 +0000
tree: cc63608a21c5c22e59dc7291e6ef2ffe95027ffd
parent: 558fa8cfb853d546fecccc69c5e58ab176bdc13d [diff]
parent: 4c04059298e7408160a7556b0909f027a88d9d9f [diff]
diff --git a/java/com/google/gerrit/httpd/XsrfCookieFilter.java b/java/com/google/gerrit/httpd/XsrfCookieFilter.java
index 1ec2649..079efa4 100644
--- a/java/com/google/gerrit/httpd/XsrfCookieFilter.java
+++ b/java/com/google/gerrit/httpd/XsrfCookieFilter.java

@@ -65,7 +65,6 @@
     Cookie c = new Cookie(XsrfConstants.XSRF_COOKIE_NAME, nullToEmpty(v));
     c.setPath("/");
     c.setSecure(authConfig.getCookieSecure() && isSecure(req));
-    c.setHttpOnly(authConfig.getCookieHttpOnly());
     c.setMaxAge(
         v != null
             ? -1 // Set the cookie for this browser session.
commit	ce6ddb6a4ee187c44d73e82baeb28fadd3cda4e2	[log] [tgz]
author	Thomas Dräbing <thomas.draebing@sap.com>	Wed Sep 11 13:06:00 2024 +0000
committer	Gerrit Code Review <noreply-gerritcodereview@google.com>	Wed Sep 11 13:06:00 2024 +0000
tree	cc63608a21c5c22e59dc7291e6ef2ffe95027ffd
parent	558fa8cfb853d546fecccc69c5e58ab176bdc13d [diff]
parent	4c04059298e7408160a7556b0909f027a88d9d9f [diff]