As part of PR #628, I made it so that the auth token placed in cookies was HttpOnly. This prevents cross-site scripting attacks. However, this means that the frontend is unable to access the token, causing some small issues when the PR went live. This issue entails:
- Figuring out if there are more features affected by changing the token cookie to HttpOnly
- Fixing said issues.

I suspect that the Test Student may need to be tweaked. There may be other things I find that need to be changed.