Diffstat (limited to 'rt/etc/RT_Config.pm.in')
-rw-r--r-- rt/etc/RT_Config.pm.in 13
1 files changed, 13 insertions, 0 deletions
diff --git a/rt/etc/RT_Config.pm.in b/rt/etc/RT_Config.pm.in
index ea64a2e01..1df9c66fd 100644
--- a/rt/etc/RT_Config.pm.in
+++ b/rt/etc/RT_Config.pm.in
@@ -1235,6 +1235,19 @@ via SSL encrypted HTTP connections.
Set($WebSecureCookies, 0);
+=item C<$WebHttpOnlyCookies>
+
+Default RT's session cookie to not being directly accessible to
+javascript. The content is still sent during regular and AJAX requests,
+and other cookies are unaffected, but the session-id is less
+programmatically accessible to javascript. Turning this off should only
+be necessary in situations with odd client-side authentication
+requirements.
+
+=cut
+
+Set($WebHttpOnlyCookies, 1);
+
=item C<$WebFlushDbCacheEveryRequest>
By default, RT clears its database cache after every page view.
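
Review bot: The POD added for `$WebHttpOnlyCookies` never names the cookie attribute it controls or says what the values 1 and 0 do, and "less programmatically accessible to javascript" understates the effect. Suggest wording along the lines of "When set to 1, RT's session cookie is sent with the HttpOnly attribute, so scripts running in the page cannot read it", keeping the existing caveat that the cookie still travels with regular and AJAX requests. That caveat deserves one more sentence for administrators: the flag keeps script from reading the session id, but script running in the page can still issue requests that carry the session. The option is also introduced directly below `Set($WebSecureCookies, 0);`, so it would help to cross-reference the two, since HttpOnly does nothing for a cookie sent over plain HTTP. Finally, this diff (limited to RT_Config.pm.in) only adds the default; please confirm the code that builds the session cookie actually reads `$WebHttpOnlyCookies`, otherwise the documented default of 1 has no effect.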