Fix HttpOnly Cookie fallout #631

@mewilker

As part of PR #628, I made it so that the auth token placed in cookies was HttpOnly. This prevents cross-site scripting attacks. However, this means that the frontend is unable to access the token, causing some small issues when the PR went live. This issue entails:

  1. Figuring out if there are more features affected by changing the token cookie to HttpOnly
  2. Fixing said issues.

I suspect that the Test Student may need to be tweaked. There may be other things I find that need to be changed.
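
The breakage described in this issue, as an added example that is not part of the original issue or the project's code: it models what `document.cookie` exposes once the token cookie carries `HttpOnly`, then flags frontend lines that still read cookies from script. The cookie name `token`, the js-cookie style `Cookies.get` call, the `/api/me` URL, and the sample file names and sources are all assumptions constructed for illustration.

```javascript
const COOKIE_NAME = "token"; // assumption: the issue does not name the cookie

// String a script would get from document.cookie for these Set-Cookie
// headers: the browser omits every cookie flagged HttpOnly.
function scriptVisibleCookies(setCookieHeaders) {
  return setCookieHeaders
    .map((h) => h.split(";").map((p) => p.trim()))
    .filter(([, ...attrs]) => !attrs.some((a) => a.toLowerCase() === "httponly"))
    .map(([pair]) => pair)
    .join("; ");
}

// Typical frontend helper that parses a document.cookie string.
function readCookie(cookieString, name) {
  for (const pair of cookieString.split("; ")) {
    const eq = pair.indexOf("=");
    if (eq > 0 && pair.slice(0, eq) === name) return pair.slice(eq + 1);
  }
  return undefined;
}

// Flag source lines that read cookies from script. Each hit is a candidate
// for breakage once the token cookie is HttpOnly.
function findCookieReads(files, name = COOKIE_NAME) {
  const patterns = [
    /document\.cookie/,
    new RegExp(`\\bCookies\\.get\\(\\s*['"]${name}['"]`), // js-cookie style (assumed)
  ];
  const hits = [];
  for (const [file, source] of Object.entries(files)) {
    source.split("\n").forEach((text, i) => {
      if (patterns.some((p) => p.test(text))) hits.push(`${file}:${i + 1}`);
    });
  }
  return hits;
}

// Constructed sample input: headers before and after the HttpOnly change.
const before = ["token=abc123; Path=/", "theme=dark; Path=/"];
const after = ["token=abc123; Path=/; HttpOnly", "theme=dark; Path=/"];
const sampleFiles = {
  "auth.js": "export const loggedIn = () =>\n  Cookies.get('token') !== undefined;",
  "api.js": "const raw = document.cookie;\nfetch('/api/me', { credentials: 'include' });",
  "theme.js": "const t = Cookies.get('theme');",
};
console.log(readCookie(scriptVisibleCookies(before), COOKIE_NAME));
console.log(readCookie(scriptVisibleCookies(after), COOKIE_NAME));
console.log(findCookieReads(sampleFiles));
```

Code that only needs to know whether a user is signed in can ask the server instead, since the browser still sends the HttpOnly cookie with same-site requests.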

Labels: bug (Something isn't working), clean-up (Something in the code is a mess and needs refactoring)
