[ã‚»ã‚ュリティ]httponlyã¯æ™®åŠã™ã‚‹ã®ã‹ (2006-12-26 - T.Teradaã®æ—¥è¨˜)Firefox2ã§ã‚‚httponlyãŒä½¿ãˆã‚‹ã¨ã„ã†è©±ã‚’耳ã«ã—ã¾ã—ãŸã€‚ httpOnly - Firefox Add-ons*1 httponlyãŒã„よã„よ普åŠã™ã‚‹ã‹ï¼Ÿ ã¨ã„ã†ã®ã§ãƒã‚¿ã«ã—ã¦ã¿ã¾ã™ã€‚ ãªãŠã€ã“ã®æ—¥è¨˜ã¯ã€WinXP+IE6SP2環境をå‰æã¨ã—ã¦æ›¸ãã¾ã—ãŸã€‚ ã¯ã˜ã‚ã« httponlyã¯ã€XSS脆弱性ãŒã‚る状æ³ã«ãŠã„ã¦ã‚‚ã€cookieを窃å–ã•ã‚Œãªã„よã†ã«ã™ã‚‹ã“ã¨ã‚’ç‹™ã£ãŸIEã®ç‹¬è‡ªæ©Ÿèƒ½ã§ã™ã€‚ MSDN - Mitigating Cross-site Scripting With HTTP-only Cookies ã“ã®æ©Ÿèƒ½ã‚’有効ã«ã™ã‚‹ãŸã‚ã«ã¯ã€ç™ºè¡Œã™ã‚‹cookieã«httponly属性を付ã‘ã¾ã™ã€‚ Set-Cookie: key=value; domain=example.com; HttpOnly httponly属性ãŒä»˜ã‘られãŸcookieã¯ã€JavaScriptã®docume
![[ã‚»ã‚ュリティ]httponlyã¯æ™®åŠã™ã‚‹ã®ã‹ (2006-12-26 - T.Teradaã®æ—¥è¨˜)](https://cdn-ak-scissors.b.st-hatena.com/image/square/e8a0aea5d375a69b5b38062b6dbabb4cf556055e/height=288;version=1;width=512/https%3A%2F%2Fogimage.blog.st-hatena.com%2F10257846132711010800%2F10257846132711097230%2F1548045809)
{{#tags}}- {{label}}
{{/tags}}