Secure and httponly attribute

  • Resolved bpevrancken

    (@bpevrancken)


    3 years, 1 month ago

    Hi,

    I like this plugin. It is light-weight, easy and simple to use.

    One thing: the cookies generated by this plugin do not carry a secure attribute and/or samesite=lax|strict attribute. Is it possible to modify the code in the plugin so that the browser cookie is sent to the server only when a request is made with the https: scheme? And in addition to enable controls whether or not a cookie is sent with cross-origin requests (samesite attribute)?

    Thank you in advance.

    Best regards,
    Bart Vrancken

    The page I need help with: [log in to see the link]

Viewing 4 replies - 1 through 4 (of 4 total)
  • Plugin Author Support

    (@nikelschubert)

    Hi,

    in general the plugin sets the sameSite=lax attribute. Can you show me, when it does not set the attribute?

    Currently the cookie is set with secure=false and sameSite=lax. At the moment it is not possible to change that.

    Can you explain your use case a bit further?

    Regards
    Nikel

    Thread Starter bpevrancken

    (@bpevrancken)

    Hi

    Thank you for your quick reply.
    I was not entirely clear.

    The plugin does indeed set a samesite=lax attribute. But if I want to change the attibute to sameSite=Strict and Secure=True, then this is not possible yet, I understand. Or is it something I can change in the plugin code myself?

    Thanks again!

    Kind regards,
    Bart

    Plugin Author Support

    (@nikelschubert)

    Hi @bpevrancken,

    no this is not possible at the moment.
    Can you explain me why you need this feature?

    Regards

    Plugin Author Support

    (@nikelschubert)

    resolved, due to inactivity

Viewing 4 replies - 1 through 4 (of 4 total)
  • The topic ‘Secure and httponly attribute’ is closed to new replies.