Fix for the website security risk "session cookies not marked as HttpOnly" reported to a customer by the Cyberspace Administration (网信办)
Fixing it in Apache:
Header always edit Set-Cookie "(?i)^((?:(?!;\s?HttpOnly).)+)$" "$1; HttpOnly"
Header always edit Set-Cookie "(?i)^((?:(?!;\s?secure).)+)$" "$1; secure"
# Change to:
Header always edit* Set-Cookie "(?i)^((?:(?!;\s?HttpOnly).)+)$" "$1; HttpOnly"
Header always edit* Set-Cookie "(?i)^((?:(?!;\s?secure).)+)$" "$1; secure"
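To check what the two regular expressions above do to a given Set-Cookie value before deploying them, the following added example (not part of the original note) applies the same patterns with Python's re module and audits the result. It assumes Python's regex engine treats these patterns the same way Apache's does; the function names and sample header values are constructed for illustration.

```python
import re

# The two substitutions from the Apache directives above, as (pattern, replacement).
# Assumption: Python's re evaluates these patterns the same way Apache's engine does.
RULES = [
    (re.compile(r"(?i)^((?:(?!;\s?HttpOnly).)+)$"), r"\1; HttpOnly"),
    (re.compile(r"(?i)^((?:(?!;\s?secure).)+)$"), r"\1; secure"),
]

def rewrite(set_cookie):
    """Apply both rules, in order, to one Set-Cookie header value."""
    for pattern, repl in RULES:
        set_cookie = pattern.sub(repl, set_cookie, count=1)
    return set_cookie

def flags(set_cookie):
    """Return lower-cased attribute names that follow the name=value pair."""
    attrs = set_cookie.split(";")[1:]
    return [a.strip().split("=", 1)[0].lower() for a in attrs if a.strip()]

def audit(set_cookie):
    """List missing or duplicated HttpOnly/Secure flags in a header value."""
    found = flags(set_cookie)
    issues = []
    for name in ("httponly", "secure"):
        if found.count(name) == 0:
            issues.append("missing " + name)
        elif found.count(name) > 1:
            issues.append("duplicate " + name)
    return issues

# Constructed sample header values (not taken from a real site).
SAMPLES = [
    "JSESSIONID=abc123; Path=/",         # no flags: both get appended
    "sid=42; Path=/; httponly",          # lower-case flag is recognised, only secure added
    "sid=42; Path=/; Secure; HttpOnly",  # already compliant: left unchanged
    "sid=42; Path=/;  HttpOnly",         # two spaces: \s? misses it, flag gets duplicated
]

if __name__ == "__main__":
    for value in SAMPLES:
        fixed = rewrite(value)
        print(f"{value!r}\n  -> {fixed!r}  {audit(fixed) or 'ok'}")
```

The last sample shows a limit of the pattern: `\s?` allows at most one whitespace character after the semicolon, so a flag written with extra spacing is not detected and is appended a second time.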