]> git.mxchange.org Git - pizzaservice-war.git/blobdiff - web/WEB-INF/web.xml
projects / pizzaservice-war.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
added some http-only configuration to avoid common XSS
[pizzaservice-war.git] / web / WEB-INF / web.xml
diff --git a/web/WEB-INF/web.xml b/web/WEB-INF/web.xml
index 288c1c7c32c450caaae32a2f6027d272e79304c7..1cc23f32f58aeeb53405c89a47b3c2434b016c60 100644 (file)
--- a/web/WEB-INF/web.xml
+++ b/web/WEB-INF/web.xml
@@ -27,8 +27,11 @@
     </servlet-mapping>
     <session-config>
         <session-timeout>
-                       30
-               </session-timeout>
+            30
+        </session-timeout>
+        <cookie-config>
+            <http-only>true</http-only>
+        </cookie-config>
     </session-config>
     <welcome-file-list>
         <welcome-file>faces/index.xhtml</welcome-file>
Unnamed repository; edit this file 'description' to name the repository.