Set pum-* cookies secure and httponly

  • Resolved azadjohari

    (@azadjohari)


    2 years ago

    Hi team,
    How do I set the cookies created by the plugin pum-* to have these flag:

    • secure
    • HttpOnly

    Thanks!

    The page I need help with: [log in to see the link]

Viewing 3 replies - 1 through 3 (of 3 total)
  • Plugin Support Kim L

    (@kimmyx)

    Hi @azadjohari,

    We’ll forward your question to our development team to see if this is possible. ??

    We’ll let you know once we receive feedback.

    Plugin Author Daniel Iser

    (@danieliser)

    @azadjohar – Any particular reason, there is nothing about them that could be exploited. They store 1 as a value, can’t be exploited ever really as we check that they exists and are set to 1, otherwise popup opens.

    I think you may have used a scanner or tool and its giving you false alerts or misleading info.

    First setting httponly would literally break all intended usage as that makes it impossible for JavaScript to read them, and since that is the only way we check them to disable your popups properly its required not to be set.

    Lastly secure is only used for sending data to the server, which again we never do.

    These cookies are set & read in the clients own browser only, never read on the server. and in no way security concerns.

    Hope that clarifies, if you do try to do it, just know it will break things.

    Take care.

    Thread Starter azadjohari

    (@azadjohari)

    Hi Daniel and Kim,
    Thank you for the feedback.

    Yes, I’m using a scanner tool and it is giving me the alert. However, with you explanation, I can fwd it to the relevant team on this matter.

    Thanks!

Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘Set pum-* cookies secure and httponly’ is closed to new replies.