From 58806ce1530305390f593cc78b66d77443c6e1b2 Mon Sep 17 00:00:00 2001 From: Preston Holmes Date: Wed, 17 Oct 2012 14:57:58 -0700 Subject: [PATCH] Fixed an error in the set cookie documentation --- docs/ref/request-response.txt | 8 +++++--- docs/topics/http/sessions.txt | 3 +++ 2 files changed, 8 insertions(+), 3 deletions(-) diff --git a/docs/ref/request-response.txt b/docs/ref/request-response.txt index 1585981733..d435822a8d 100644 --- a/docs/ref/request-response.txt +++ b/docs/ref/request-response.txt @@ -16,7 +16,8 @@ passing the :class:`HttpRequest` as the first argument to the view function. Each view is responsible for returning an :class:`HttpResponse` object. This document explains the APIs for :class:`HttpRequest` and -:class:`HttpResponse` objects. +:class:`HttpResponse` objects, which are defined in the :mod:`django.http` +module. HttpRequest objects =================== @@ -28,7 +29,8 @@ HttpRequest objects Attributes ---------- -All attributes except ``session`` should be considered read-only. +All attributes should be considered read-only, unless stated otherwise below. +``session`` is a notable exception. .. attribute:: HttpRequest.body @@ -648,7 +650,7 @@ Methods Returns ``True`` or ``False`` based on a case-insensitive check for a header with the given name. -.. method:: HttpResponse.set_cookie(key, value='', max_age=None, expires=None, path='/', domain=None, secure=None, httponly=True) +.. method:: HttpResponse.set_cookie(key, value='', max_age=None, expires=None, path='/', domain=None, secure=None, httponly=False) .. versionchanged:: 1.3 diff --git a/docs/topics/http/sessions.txt b/docs/topics/http/sessions.txt index 467e702ff7..47bb7bb3c3 100644 --- a/docs/topics/http/sessions.txt +++ b/docs/topics/http/sessions.txt 
@@ -516,6 +516,9 @@ consistently by all browsers. However, when it is honored, it can be a useful way to mitigate the risk of client side script accessing the protected cookie data. +.. versionchanged:: 1.4 + The default value of the setting was changed from ``False`` to ``True``. + .. _HTTPOnly: https://www.owasp.org/index.php/HTTPOnly SESSION_COOKIE_NAME
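Review bot: In the docs/ref/request-response.txt hunk at `@@ -28,7 +29,8 @@`, "unless stated otherwise below" only helps if each writable attribute's entry actually says it is writable, and this patch does not touch any of those entries. Either list the writable attributes in this sentence alongside ``session``, or add an explicit "this attribute is writable" line to each relevant entry in the same change, so a reader does not have to infer which attributes are safe to assign to.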
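Review bot: The corrected signature in the docs/ref/request-response.txt hunk at `@@ -648,7 +650,7 @@` now shows ``httponly=False``, but nothing in the hunk says what that default means for the caller. Suggest a sentence under the method stating that a cookie set through ``set_cookie()`` is readable by client-side script unless ``httponly=True`` is passed, so that code storing sensitive values sets it explicitly. A cross-reference to the sessions documentation would also help, because the session cookie default described there is ``True`` and the two defaults are easy to confuse, which is presumably how the wrong value got into this signature.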
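Review bot: In the docs/topics/http/sessions.txt hunk at `@@ -516,6 +516,9 @@`, "the setting" in the added ``versionchanged`` text has no antecedent when the directive is read on its own, for example in a rendered list of changes; name the setting explicitly in the sentence. Since this records a flip of a security-relevant default, it would also be worth one more sentence for people upgrading: a project that reads the session cookie from client-side script relied on the old ``False`` default and now has to set the value explicitly.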