From e6c8b6c2ca010ec9cdea46fd7eaf9e9fe7f7fd26 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?J=C3=A9r=C3=A9my=20Deruss=C3=A9?= <jeremy@derusse.com>
Date: Mon, 27 Jul 2015 09:40:03 +0200
Subject: [PATCH] Change default value of cookie_httponly

---
 reference/configuration/framework.rst | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/reference/configuration/framework.rst b/reference/configuration/framework.rst
index 8732bddb03f..2252f5b665c 100644
--- a/reference/configuration/framework.rst
+++ b/reference/configuration/framework.rst
@@ -774,7 +774,7 @@ This determines whether cookies should only be sent over secure connections.
 cookie_httponly
 ...............
 
-**type**: ``boolean`` **default**: ``false``
+**type**: ``boolean`` **default**: ``true``
 
 This determines whether cookies should only be accessible through the HTTP
 protocol. This means that the cookie won't be accessible by scripting