Welcome! Log In Create A New Profile

Advanced

Re: Cookie HTTP Only & Secure

Francis Daly
March 14, 2019 02:46PM
On Thu, Mar 14, 2019 at 07:32:49PM +0800, Sathish Kumar wrote:

Hi there,

> To fix Cross site scripting (XSS), I am trying to add below config but I am
> not seeing cookie in the response headers. Cookie in the browser still
> showing as not secure and not http.

Do you see a Set-Cookie: header in the response from upstream to nginx?

If you do not, your nginx config will not make a difference.

If you do see it in the response from upstream to nginx, and do not see
it in the response from nginx to the client, then there is something
interesting going on.

f
--
Francis Daly francis@daoine.org
_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
Subject Author Posted

Cookie HTTP Only & Secure

Sathish Kumar March 14, 2019 07:34AM

Re: Cookie HTTP Only & Secure

Francis Daly March 14, 2019 02:46PM



Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 108
Record Number of Users: 6 on February 13, 2018
Record Number of Guests: 421 on December 02, 2018
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready