For security purposes, I want to add httponly true to the csrftoken cookie.
Does anyone know where we can add httponly true to the csrf token cookie?
Does it affect the other functions?
Please guide me on what I can do. Thanks in advance.
Thanks @Tim_McCormack for the reply.
But this may cause certain client-side attacks, such as cross-site scripting and trivially capturing the cookie’s value via an injected script.
So is it okay not to make this cookie httponly?
[EDIT: Missing word “prevention” in the first sentence.]