aboutsummaryrefslogtreecommitdiffstats
path: root/guides
diff options
context:
space:
mode:
authorRafael Mendonça França <rafaelmfranca@gmail.com>2015-03-27 16:45:33 -0300
committerRafael Mendonça França <rafaelmfranca@gmail.com>2015-03-27 16:45:33 -0300
commit6e8f6ff3f02e19f687493b26b1e2fe5a1ef0bcb6 (patch)
tree1b23e1da90de09c137f60f8d88b649396b324bb9 /guides
parent9c3c07b325fbc28a2b1ffcc4a0fc764c35d4bb20 (diff)
parent2e1fefffabf78d05ca5f9a93c150a6a33cf97194 (diff)
downloadrails-6e8f6ff3f02e19f687493b26b1e2fe5a1ef0bcb6.tar.gz
rails-6e8f6ff3f02e19f687493b26b1e2fe5a1ef0bcb6.tar.bz2
rails-6e8f6ff3f02e19f687493b26b1e2fe5a1ef0bcb6.zip
Merge pull request #19562 from mechanicles/remove-old-link
Remove old and not working link. [ci skip]
Diffstat (limited to 'guides')
-rw-r--r--guides/source/security.md2
1 files changed, 1 insertions, 1 deletions
diff --git a/guides/source/security.md b/guides/source/security.md
index e486edde31..184af98d65 100644
--- a/guides/source/security.md
+++ b/guides/source/security.md
@@ -710,7 +710,7 @@ The log files on www.attacker.com will read like this:
GET http://www.attacker.com/_app_session=836c1c25278e5b321d6bea4f19cb57e2
```
-You can mitigate these attacks (in the obvious way) by adding the [httpOnly](http://dev.rubyonrails.org/ticket/8895) flag to cookies, so that document.cookie may not be read by JavaScript. Http only cookies can be used from IE v6.SP1, Firefox v2.0.0.5 and Opera 9.5. Safari is still considering, it ignores the option. But other, older browsers (such as WebTV and IE 5.5 on Mac) can actually cause the page to fail to load. Be warned that cookies [will still be visible using Ajax](http://ha.ckers.org/blog/20070719/firefox-implements-httponly-and-is-vulnerable-to-xmlhttprequest/), though.
+You can mitigate these attacks (in the obvious way) by adding the **httpOnly** flag to cookies, so that document.cookie may not be read by JavaScript. Http only cookies can be used from IE v6.SP1, Firefox v2.0.0.5 and Opera 9.5. Safari is still considering, it ignores the option. But other, older browsers (such as WebTV and IE 5.5 on Mac) can actually cause the page to fail to load. Be warned that cookies [will still be visible using Ajax](http://ha.ckers.org/blog/20070719/firefox-implements-httponly-and-is-vulnerable-to-xmlhttprequest/), though.
##### Defacement