Set cookies HttpOnly.

IkiWiki/CGI.pm

@@ -14,9 +14,10 @@ sub printheader ($) { #{{{
 	
 	if ($config{sslcookie}) {
 		print $session->header(-charset => 'utf-8',
-			-cookie => $session->cookie(-secure => 1));
+			-cookie => $session->cookie(-httponly => 1, -secure => 1));
 	} else {
-		print $session->header(-charset => 'utf-8');
+		print $session->header(-charset => 'utf-8',
+			-cookie => $session->cookie(-httponly => 1));
 	}
 } #}}}
 

debian/changelog

@@ -1,3 +1,9 @@
+ikiwiki (2.62.2) UNRELEASED; urgency=low
+
+  * Set cookies HttpOnly.
+
+ -- Joey Hess <joeyh@debian.org>  Thu, 28 Aug 2008 16:08:18 -0400
+
 ikiwiki (2.62.1) unstable; urgency=low
 
   * filecheck: Fixed two bits broken in move from attachment.