aboutsummaryrefslogtreecommitdiffstats
path: root/guides
diff options
context:
space:
mode:
authorSantosh Wadghule <santosh.wadghule@gmail.com>2015-03-28 01:02:46 +0530
committerSantosh Wadghule <santosh.wadghule@gmail.com>2015-03-28 01:09:52 +0530
commit2e1fefffabf78d05ca5f9a93c150a6a33cf97194 (patch)
treee1bdd337d8a324da4ca36efa1eb8ef599c24f1ed /guides
parent72a02f98614261741d39432b239cded410f46b74 (diff)
downloadrails-2e1fefffabf78d05ca5f9a93c150a6a33cf97194.tar.gz
rails-2e1fefffabf78d05ca5f9a93c150a6a33cf97194.tar.bz2
rails-2e1fefffabf78d05ca5f9a93c150a6a33cf97194.zip
Remove old and not working link. [ci skip]
Diffstat (limited to 'guides')
-rw-r--r--guides/source/security.md2
1 files changed, 1 insertions, 1 deletions
diff --git a/guides/source/security.md b/guides/source/security.md
index e486edde31..184af98d65 100644
--- a/guides/source/security.md
+++ b/guides/source/security.md
@@ -710,7 +710,7 @@ The log files on www.attacker.com will read like this:
GET http://www.attacker.com/_app_session=836c1c25278e5b321d6bea4f19cb57e2
```
-You can mitigate these attacks (in the obvious way) by adding the [httpOnly](http://dev.rubyonrails.org/ticket/8895) flag to cookies, so that document.cookie may not be read by JavaScript. Http only cookies can be used from IE v6.SP1, Firefox v2.0.0.5 and Opera 9.5. Safari is still considering, it ignores the option. But other, older browsers (such as WebTV and IE 5.5 on Mac) can actually cause the page to fail to load. Be warned that cookies [will still be visible using Ajax](http://ha.ckers.org/blog/20070719/firefox-implements-httponly-and-is-vulnerable-to-xmlhttprequest/), though.
+You can mitigate these attacks (in the obvious way) by adding the **httpOnly** flag to cookies, so that document.cookie may not be read by JavaScript. Http only cookies can be used from IE v6.SP1, Firefox v2.0.0.5 and Opera 9.5. Safari is still considering, it ignores the option. But other, older browsers (such as WebTV and IE 5.5 on Mac) can actually cause the page to fail to load. Be warned that cookies [will still be visible using Ajax](http://ha.ckers.org/blog/20070719/firefox-implements-httponly-and-is-vulnerable-to-xmlhttprequest/), though.
##### Defacement