Add Secure and httpOnly Flags to Every Set-Cookie Response in Apache httpd

我在风中等你 2021-01-30 18:20

I'm running Apache 2.2.26:

Server version: Apache/2.2.26 (Unix)
Server built:   Jan 17 2014 12:24:49
Cpanel::Easy::Apache v3.22.30 rev9999 +cloudlinux
         


        
4 answers
  •  挽巷 (original poster)
    2021-01-30 18:48

    I was trying to set http, secure and samesite=strict on cookies.

    This worked for me:

    Header edit Set-Cookie ^(.*)$ $1;HttpOnly;Secure
    

    Samesite=strict provides protection against XSRF.

    Header edit Set-Cookie ^(.*)$ $1;HttpOnly;Secure;SameSite=strict
    

    Hope it helps.
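
Added example (not part of the original answer): a Python check that audits a Set-Cookie value for HttpOnly, Secure and SameSite, and uses a Python stand-in for the `^(.*)$` rule above to show what it produces when the application already sets some of those attributes. The function names and the sample header values are constructed for illustration.

```python
import re

REQUIRED = ("httponly", "secure", "samesite")

def apply_answer_rule(set_cookie):
    # Python stand-in for:
    #   Header edit Set-Cookie ^(.*)$ $1;HttpOnly;Secure;SameSite=strict
    return re.sub(r"^(.*)$", r"\1;HttpOnly;Secure;SameSite=strict",
                  set_cookie, count=1)

def parse_attributes(set_cookie):
    # Everything after the first ';' is the attribute list.
    # Attribute names are case-insensitive, so normalise to lower case.
    attrs = []
    for part in set_cookie.split(";")[1:]:
        name, _, value = part.strip().partition("=")
        if name:
            attrs.append((name.strip().lower(), value.strip().lower()))
    return attrs

def audit(set_cookie):
    # Report required attributes that are absent, attributes that appear
    # more than once, and every SameSite value seen (to expose conflicts).
    attrs = parse_attributes(set_cookie)
    names = [n for n, _ in attrs]
    return {
        "missing": [r for r in REQUIRED if r not in names],
        "duplicated": sorted({n for n in names if names.count(n) > 1}),
        "samesite": [v for n, v in attrs if n == "samesite"],
    }

# Constructed sample Set-Cookie values, as a backend might emit them.
SAMPLES = [
    "SESSIONID=abc123; Path=/",                    # no flags at all
    "SESSIONID=abc123; Path=/; Secure; HttpOnly",  # flags already set
    "pref=dark; SameSite=Lax",                     # app chose a different SameSite
]

if __name__ == "__main__":
    for raw in SAMPLES:
        edited = apply_answer_rule(raw)
        print(raw, "->", edited)
        print("  before:", audit(raw))
        print("  after: ", audit(edited))
```

The same `audit` function can be run on the Set-Cookie values actually returned by the server to confirm the directive is taking effect.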
