From 190aa925acfb5f8bd586a51b81678b989c8ae351 Mon Sep 17 00:00:00 2001
From: Toby Zerner
Date: Mon, 14 Sep 2015 14:40:05 +0930
Subject: [PATCH] Set cookies to be HTTP only
---
 src/Forum/Actions/WritesRememberCookie.php | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/src/Forum/Actions/WritesRememberCookie.php b/src/Forum/Actions/WritesRememberCookie.php
index a52872ed4..24e61d80f 100644
--- a/src/Forum/Actions/WritesRememberCookie.php
+++ b/src/Forum/Actions/WritesRememberCookie.php
@@ -24,6 +24,7 @@ trait WritesRememberCookie
 SetCookie::create('flarum_remember', $token)
 ->withMaxAge(14 * 24 * 60 * 60)
 ->withPath('/')
+ ->withHttpOnly(true)
 );
 }

@@ -35,6 +36,7 @@ trait WritesRememberCookie
 SetCookie::create('flarum_remember')
 ->withMaxAge(-2628000)
 ->withPath('/')
+ ->withHttpOnly(true)
 );
 }
 }
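Review bot: The `flarum_remember` cookie built in the first hunk still carries no `Secure` attribute, so the 14-day remember token is sent on plain-HTTP requests and can be read in transit, even though `HttpOnly` now hides it from page scripts. Consider adding `->withSecure($secure)` after `->withHttpOnly(true)`, where `$secure` is a placeholder for a flag set from whether the forum is served over HTTPS. The same line belongs on the expiry cookie in the second hunk, so both builders keep identical attributes. Both method bodies begin outside the hunks, so it is not visible here whether a scheme or configuration value is already in scope. The two chains now repeat `->withPath('/')` and `->withHttpOnly(true)`; a small private helper returning the base cookie would keep the set and clear paths from drifting apart.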