Secure cookie with HttpOnly and Secure in Apache Ubuntu

By -

 This is a new security feature introduced by Microsoft in IE 6 SP1 to mitigate the possibility of a successful Cross-Site scripting attack by not allowing cookies with the HTTP only attribute to be accessed via client-side scripts.

We can mitigate most common XSS attacks in our web application using HttpOnly and Secure flag with cookie.

Implementation Procedure in Apache2

  • Ensure that mod_headers.so are enabled in Apache HTTP server
  • Add below line in httpd.conf 
          Header edit Set-Cookie ^(.*)$ $1;HttpOnly;Secure
  • Restart Apache HTTP server to test ( sudo systemctl restart apache2 )

Note: You can check either leverage the browser’s inbuilt developer tools to check the response header or use an online tool.

Comments

Post a Comment

Popular posts from this blog

Stop video playing when Bootstrap modal is closed

By -
If you want add a video to a Bootstrap Modal and either dismiss or close the modal  while the video is playing the video will keep on playing when you open again. So you can adjust this behaviour by adding in some JavaScript that acts to stop the video if either the modal window is clicked to close or the background is clicked to dismiss the modal. Add below JavaScript code in your files <script> jQuery(' #keredariModal ').on('hidden.bs.modal', function (e) { // do something... jQuery(' # keredariModal video ').attr("src", jQuery(" # keredariModal video ").attr("src")); }); </script>    Note: Please replace your Model ID
Read more

Creating Protected routes in ReactJS

By -
Protected routes are very important for any web application. Below are the code to create authenticated routes that only certain users can access based on their authentication roles. import   React , {  Component  }  from   'react' ; import  {  BrowserRouter   as   Router ,  Route ,  Switch ,  Redirect  }  from   'react-router-dom' ; import   commonService   from   './core/services/commonService' ; import   './App.css' ; import   Loader   from   './views/Loader/Loader' ; // Containers const   FrontEndLayout  =  React . lazy (()  =>   import ( './containers/FrontEndLayout/FrontEndLayout' )); const   UserLayout  =  React . lazy (()  =>   import ( './containers/UserLayout/UserLayout' )); const   loading  = ()  =>   < Loader   /> ; class   App ...
Read more