• Resolved kingcom

    (@kingcom)


    Hello,

    I need help trying to determine how to correct this fail “Cookie Does Not Contain The “HTTPOnly” Attribute” while trying to complete PCI Compliance on the site.
    It is with the Mailchimp cookie from
    Mailchimp for Woocommerce Version 2.4.7. I was using the previous version when the test that was run Saturday failed:

    Result
    url: https://75.103.75.31/
    Payload: N/A
    matched: Date: Sat, 26 Sep 2020 00:12:06 GMT
    Server: Apache
    X-Redirect-By: WordPress
    Set-Cookie: mailchimp_landing_site=https%3A%2F%2Fciuspress.com%2F; expires=Sat, 24-Oct-2020 00:12:10 GMT; Max-Age=2419200; path=/
    Location: https://ciuspress.com/
    Transfer-Encoding: chunked
    Content-Type: text/html; charset=UTF-8


    Is this something that I can change or is this plug-in dependent?
    How can I resolve?
    Thanks

Viewing 5 replies - 1 through 5 (of 5 total)
  • Plugin Author ryanhungate

    (@ryanhungate)

    @kingcom thanks for bringing this up – we’ll take a look at a fix here shortly and report back.

    Thread Starter kingcom

    (@kingcom)

    Hello Ryan
    I have heard back from my SSL plug in and they confirm that their plugin is invoking SSL for all PHP cookies. “However, we can not influence cookies placed by plugins via JavaScript. This should be managed by the plugins themselves.”
    Hopefully you can bring your plug-in in line with my SSL standards so I can pass PCI compliance.
    Let me know if you have any progress or timeline.
    Thanks for your help
    Sincerely
    Terry

    Thread Starter kingcom

    (@kingcom)

    Hello ryanhungate (@ryanhungate)
    I am following up if there is any news or progress on this?
    Thank you.
    Terry

    Plugin Author ryanhungate

    (@ryanhungate)

    @kingcom sorry for the delay on this. Have you tried changing the values on your php ini to show this?

    
    session.cookie_httponly = 1
    session.cookie_secure = 1
    

    We can certainly look into making this a developer setting too but for right now this would most likely do the trick for you.
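An added example, not part of the original thread or the plugin's code: a small Python check that parses raw response headers and reports which `Set-Cookie` lines lack `HttpOnly` or `Secure`, useful for re-testing before the next PCI scan. The `session.cookie_*` directives govern PHP's own session cookie, so checking each cookie by name shows whether a plugin-set cookie such as `mailchimp_landing_site` actually picked up the flags. The function name and the `HARDENED` sample are assumptions made for this example.

```python
"""Audit Set-Cookie response headers for the HttpOnly and Secure attributes."""

REQUIRED = ("httponly", "secure")

# Response headers as quoted in the scan result at the top of this thread.
SCAN_RESULT = """\
Date: Sat, 26 Sep 2020 00:12:06 GMT
Server: Apache
X-Redirect-By: WordPress
Set-Cookie: mailchimp_landing_site=https%3A%2F%2Fciuspress.com%2F; expires=Sat, 24-Oct-2020 00:12:10 GMT; Max-Age=2419200; path=/
Location: https://ciuspress.com/
"""

# Constructed sample: a session cookie that already carries both flags.
HARDENED = "Set-Cookie: PHPSESSID=constructedvalue; path=/; Secure; HttpOnly\n"


def audit_set_cookie(raw_headers):
    """Return [(cookie_name, [missing flags])] for every Set-Cookie line."""
    findings = []
    for line in raw_headers.splitlines():
        name, sep, value = line.partition(":")
        if not sep or name.strip().lower() != "set-cookie":
            continue
        # Attributes are ';'-separated; never split on ',' because the
        # expires date contains one.
        parts = [p.strip() for p in value.split(";")]
        cookie_name = parts[0].partition("=")[0]
        # Attribute names are case-insensitive; drop any "=value" part.
        attrs = {p.partition("=")[0].strip().lower() for p in parts[1:]}
        missing = [flag for flag in REQUIRED if flag not in attrs]
        findings.append((cookie_name, missing))
    return findings


if __name__ == "__main__":
    for cookie, missing in audit_set_cookie(SCAN_RESULT + HARDENED):
        print(cookie, "OK" if not missing else "missing: " + ", ".join(missing))
```

Headers captured from the live site (for example with `curl -sI`) can be passed to `audit_set_cookie` in place of the embedded samples.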

    Plugin Support khungate

    (@khungate)

    Hi @kingcom, We’re going to close out this ticket for now since it’s been a few weeks since we’ve been in touch.

    Please let us know if you still need any help and we’ll be glad to reopen and troubleshoot further. Please note, the best way to reach us is over at the GitHub plugin page. From there, you can receive direct responses from the development team, log new issues, download the latest version, and track existing support tickets.

  • The topic ‘PCI Compliance flagged for Mailchimp plug-in’ is closed to new replies.