From 552e50074e888eebe99b704079f4f47a98454056 Mon Sep 17 00:00:00 2001
From: Toby Zerner
Date: Mon, 14 Sep 2015 14:40:05 +0930
Subject: [PATCH] Set cookies to be HTTP only

---
 framework/core/src/Forum/Actions/WritesRememberCookie.php | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/framework/core/src/Forum/Actions/WritesRememberCookie.php b/framework/core/src/Forum/Actions/WritesRememberCookie.php
index a52872ed4..24e61d80f 100644
--- a/framework/core/src/Forum/Actions/WritesRememberCookie.php
+++ b/framework/core/src/Forum/Actions/WritesRememberCookie.php
@@ -24,6 +24,7 @@ trait WritesRememberCookie
 SetCookie::create('flarum_remember', $token)
 ->withMaxAge(14 * 24 * 60 * 60)
 ->withPath('/')
+ ->withHttpOnly(true)
 );
 }

@@ -35,6 +36,7 @@ trait WritesRememberCookie
 SetCookie::create('flarum_remember')
 ->withMaxAge(-2628000)
 ->withPath('/')
+ ->withHttpOnly(true)
 );
 }
 }
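Review bot: The `flarum_remember` cookie built in the first hunk holds a two-week login token, and the chain still sets no Secure attribute, so on a forum served over HTTPS the browser would also attach the token to any plain-HTTP request to the same host. HttpOnly only keeps the value away from page scripts; it does not protect it in transit. Consider adding `->withSecure($isHttps)` after `->withHttpOnly(true)`, where `$isHttps` is a placeholder for a flag derived from the request scheme or the configured forum URL, since hard-coding `true` would break installs that run over plain HTTP. The expiring cookie in the second hunk should carry the same attribute so that both writers stay in step. Both enclosing methods begin outside the hunks, so what scheme information is available to them cannot be seen from here.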