Fix #397 - use httpOnly in cookies

Classes/Service/ClientService.php

@@ -57,12 +57,14 @@ public function runSingleRequest(string $url): int
  protected function getCallableClient(string $domain): Client
  {
  $jar = GeneralUtility::makeInstance(CookieJar::class);
+ /** @var SetCookie $cookie */
  $cookie = GeneralUtility::makeInstance(SetCookie::class);
  $cookie->setName(CookieService::FE_COOKIE_NAME);
  $cookie->setValue('1');
  $cookie->setPath('/');
  $cookie->setExpires((new DateTimeService())->getCurrentTime() + 3600);
  $cookie->setDomain($domain);
+ $cookie->setHttpOnly(true);
  $jar->setCookie($cookie);
  $options = [
  'cookies' => $jar,

Classes/Service/CookieService.php

@@ -31,7 +31,7 @@ public function setCookie(int $lifetime): void
  if ($lifetime !== self::SESSION_LIFETIME) {
  $lifetime += $this->dateTimeService->getCurrentTime();
  }
- setcookie(self::FE_COOKIE_NAME, 'typo_user_logged_in', $lifetime, '/', $this->getCookieDomain(), GeneralUtility::getIndpEnv('TYPO3_SSL'));
+ setcookie(self::FE_COOKIE_NAME, 'typo_user_logged_in', $lifetime, '/', $this->getCookieDomain(), GeneralUtility::getIndpEnv('TYPO3_SSL'), true);
  }
 
  /**