From 0560c7399cd20b8cf8d3258dcca70014ef185283 Mon Sep 17 00:00:00 2001 From: Clayton O'Neill Date: Tue, 8 Jul 2014 13:39:41 +0000 Subject: [PATCH] Don't recommend setting SESSION_COOKIE_HTTPONLY This setting is already defaults to true, so there is no need to recommend that people set this option to prevent cross site scripting. Closes-Bug: 1333407 Change-Id: If5c8f3cba31f6e613ec17af81cff8d15cd2f8f19 --- doc/source/topics/deployment.rst | 1 - 1 file changed, 1 deletion(-) diff --git a/doc/source/topics/deployment.rst b/doc/source/topics/deployment.rst index 9a57afdabd..5a1c8f02e5 100644 --- a/doc/source/topics/deployment.rst +++ b/doc/source/topics/deployment.rst @@ -210,7 +210,6 @@ following to ``local_settings.py``:: CSRF_COOKIE_SECURE = True SESSION_COOKIE_SECURE = True - SESSION_COOKIE_HTTPONLY = True Note that the CSRF_COOKIE_SECURE option is only available from Django 1.4. It does no harm to have the setting in earlier versions, but it does not take effect.