How to solve "Cookie(s) without HttpOnly flag set", "Disable OPTIONS Method" and "CORS (Cross-Origin Resource Sharing) origin validation failure" problems?
- To: Users Maillingsliste Apache <users@xxxxxxxxxxxxxxxx>
- Subject: How to solve "Cookie(s) without HttpOnly flag set", "Disable OPTIONS Method" and "CORS (Cross-Origin Resource Sharing) origin validation failure" problems?
- From: Jason Long <hack3rcon@xxxxxxxxxxxxxxxxxxxxx>
- Date: Sun, 29 Aug 2021 14:39:30 +0000 (UTC)
- Reply-to: users@xxxxxxxxxxxxxxxx
Hello,
I scanned my website with the Acunetix tool and the vulnerabilities below were found:
1- Cookie(s) without HttpOnly flag set
2- Disable OPTIONS Method
3- CORS (Cross-Origin Resource Sharing) origin validation failure
To solve these problems, I added the lines below to my Virtual Host configuration file and restarted the Apache service:
Header always edit Set-Cookie (.*) "$1;HttpOnly;Secure;samesite=lax"
<Location />
    <LimitExcept GET POST>
        order deny,allow
        deny from all
    </LimitExcept>
</Location>
Header set Access-Control-Allow-Credentials "true"
But the problems persisted. How can I solve them?
Thank you.
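
One way to check from the outside whether directives like the ones in this message took effect, as an added example that is not part of the original message: the functions below audit captured response headers for the three scanner findings. The function names are hypothetical, and the cookie name, origins, status codes and header values are constructed samples.

```python
# Added example: audit captured response headers for the three scanner findings.
# All origins, cookie names and header values below are constructed samples.

def cookie_findings(set_cookie_values):
    """Return (cookie_name, missing_attribute) pairs for each Set-Cookie value."""
    findings = []
    for raw in set_cookie_values:
        parts = [p.strip() for p in raw.split(";")]
        name = parts[0].split("=", 1)[0]
        # Attribute names are case-insensitive; a value may follow '='.
        attrs = {p.split("=", 1)[0].lower() for p in parts[1:] if p}
        for required in ("httponly", "secure", "samesite"):
            if required not in attrs:
                findings.append((name, required))
    return findings

def cors_findings(headers, probe_origin, allowed_origins):
    """headers: response to a request sent with 'Origin: <probe_origin>'."""
    acao = headers.get("access-control-allow-origin")
    if acao is None or acao in allowed_origins:
        return []
    creds = headers.get("access-control-allow-credentials", "").lower() == "true"
    kind = "wildcard" if acao == "*" else "reflected" if acao == probe_origin else "unlisted"
    return [f"{kind} origin allowed{' with credentials' if creds else ''}: {acao}"]

def audit(get_headers, set_cookies, options_status, probe_origin, allowed_origins):
    return {
        "cookies": cookie_findings(set_cookies),
        "cors": cors_findings(get_headers, probe_origin, allowed_origins),
        # OPTIONS counts as enabled if the server answered instead of refusing it.
        "options_enabled": options_status < 400,
    }

PROBE = "https://probe.example"        # origin that is NOT on the allowlist
ALLOWED = {"https://www.example.com"}  # origins the site intends to trust

# Constructed capture: response before any hardening.
UNFIXED = audit({"access-control-allow-origin": PROBE,
                 "access-control-allow-credentials": "true"},
                ["session=abc123; Path=/"], 200, PROBE, ALLOWED)

# Constructed capture: cookie rewritten, OPTIONS refused, unlisted origin not echoed.
FIXED = audit({"access-control-allow-credentials": "true"},
              ["session=abc123; Path=/;HttpOnly;Secure;samesite=lax"],
              403, PROBE, ALLOWED)

if __name__ == "__main__":
    print("unfixed:", UNFIXED)
    print("fixed:  ", FIXED)
```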