Forum List Message List New Topic Print View

Francis Daly

March 14, 2019 02:46PM

On Thu, Mar 14, 2019 at 07:32:49PM +0800, Sathish Kumar wrote:

Hi there,

> To fix Cross site scripting (XSS), I am trying to add below config but I am
> not seeing cookie in the response headers. Cookie in the browser still
> showing as not secure and not http.

Do you see a Set-Cookie: header in the response from upstream to nginx?

If you do not, your nginx config will not make a difference.

If you do see it in the response from upstream to nginx, and do not see
it in the response from nginx to the client, then there is something
interesting going on.

f
--
Francis Daly francis@daoine.org
_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx

Reply Quote

RSS

Subject	Author	Posted
Cookie HTTP Only & Secure	Sathish Kumar	March 14, 2019 07:34AM
Re: Cookie HTTP Only & Secure	Francis Daly	March 14, 2019 02:46PM

Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 116

Record Number of Users: 8 on April 13, 2023

Record Number of Guests: 421 on December 02, 2018

Cookie HTTP Only & Secure

Re: Cookie HTTP Only & Secure

Online Users