A recent security scan of my site indicates that the site has this issue:
Cookie Does Not Contain The "HTTPOnly" Attribute
I did research and found links about the fix. For example:
https://www.owasp.org/index.php/HttpOnly
However, all the links talk about doing some work on the server side through code or configuration. The way I do cookies on this site is adding/removing cookies via JavaScript with the help of jquery-cookie, found here:
https://github.com/carhartl/jquery-cookie
So, how can I fix this security issue?
Updates
Thanks, @cody, for pointing me to another post. Basically, no client-side solution. Then another question:
Do I have to migrate my cookie-related JavaScript code into server-side code (e.g., C# in my case)? I guess the answer is yes. I also guess that server-side configuration only (IIS in my case) won't work. Just wanted to check with experts here.
Upvotes: 2
Views: 7713
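An added example, not part of the original post: a small Node.js check that parses `Set-Cookie` response header values and reports which cookies lack `HttpOnly`, plus a helper that builds the header a server would send in place of a `document.cookie` write. The function names and sample header values are constructed for illustration.

```javascript
// Parse one Set-Cookie header value into its name, value and attributes.
function parseSetCookie(header) {
  const [pair, ...attrs] = header.split(';').map((s) => s.trim());
  const eq = pair.indexOf('=');
  const cookie = {
    name: eq === -1 ? '' : pair.slice(0, eq),
    value: eq === -1 ? pair : pair.slice(eq + 1),
    attributes: {},
  };
  for (const attr of attrs) {
    if (!attr) continue; // tolerate a trailing ';'
    const i = attr.indexOf('=');
    // Attribute names are case-insensitive, so normalise them.
    const key = (i === -1 ? attr : attr.slice(0, i)).trim().toLowerCase();
    cookie.attributes[key] = i === -1 ? true : attr.slice(i + 1).trim();
  }
  return cookie;
}

// Return the names of cookies whose Set-Cookie header lacks HttpOnly.
function cookiesMissingHttpOnly(setCookieHeaders) {
  return setCookieHeaders
    .map(parseSetCookie)
    .filter((c) => !('httponly' in c.attributes))
    .map((c) => c.name);
}

// Build the header value a server would emit for an HttpOnly cookie.
function buildHttpOnlyCookie(name, value, { path = '/', secure = true } = {}) {
  const parts = [`${name}=${encodeURIComponent(value)}`, `Path=${path}`, 'HttpOnly'];
  if (secure) parts.push('Secure');
  return parts.join('; ');
}

// Constructed sample headers (not taken from any real site).
const sampleHeaders = [
  'session=abc123; Path=/; Secure; HttpOnly',
  'prefs=dark; Path=/',
  'tracking=xyz; Path=/; httponly',
];

console.log(cookiesMissingHttpOnly(sampleHeaders));
console.log(buildHttpOnlyCookie('prefs', 'dark mode'));
```

A cookie sent with `HttpOnly` is hidden from `document.cookie`, so any value that page script (including jquery-cookie) still has to read cannot carry the flag.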