Hello, Any idea? On Sunday, August 29, 2021, 07:13:07 PM GMT+4:30, Jason Long <hack3rcon@xxxxxxxxx.invalid> wrote: Hello, I scanned my website with the Acunetix tool and below vulnerabilities found: 1- Cookie(s) without HttpOnly flag set 2- Disable OPTIONS Method 3- CORS (Cross-Origin Resource Sharing) origin validation failure To solve these problems, I added below lines to my Virtual Host configuration file and restarted the Apache service: Header always edit Set-Cookie (.*) "$1;HttpOnly;Secure;samesite=lax" <Location /> <LimitExcept GET POST> order deny,allow deny from all </LimitExcept> </Location> Header set Access-Control-Allow-Credentials "true" But problems existed. How to solve them? Thank you. --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|