From 25fe13d6b0898fa5365fdb41b6c8a66ef2e18199 Mon Sep 17 00:00:00 2001 From: Ian Lee Date: Fri, 11 Nov 2016 04:01:48 -0800 Subject: [PATCH] [1.10.x] Fixed typo in docs/ref/settings.txt. Backport of 501c9930101060d63fb5c25c1dc0154a6c23b775 from master --- docs/ref/settings.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/ref/settings.txt b/docs/ref/settings.txt index d908c4d9df..fc1f0a8883 100644 --- a/docs/ref/settings.txt +++ b/docs/ref/settings.txt @@ -2939,7 +2939,7 @@ session cookie. HTTPOnly_ is a flag included in a Set-Cookie HTTP response header. It is not part of the :rfc:`2109` standard for cookies, and it isn't honored consistently by all browsers. However, when it is honored, it can be a -useful way to mitigate the risk of client side script accessing the +useful way to mitigate the risk of a client side script accessing the protected cookie data. Turning it on makes it less trivial for an attacker to escalate a cross-site