• Resolved inspire1989

    (@inspire1989)


    Hi there!
    I recently scanned a website with https://probely.com/ which found two small improvements for cookie settings that the real cookie banner lacks. (The page offers free accounts so try it out on your own if you like!)

    These findings are no big deal as they aren’t harmful by themselves as long as there is no additional real XSS vulnerability present on a website. But maybe you want to fix these findings some day, which should be rather easy to do.

    Thank you!

Viewing 1 replies (of 1 total)
  • Plugin Contributor Matthias Günter

    (@mguenter)

    Hey @inspire1989 !

    Thanks for your message.

    Cookie without HttpOnly flag

    Real Cookie Banner (and also other cookie plugins) needs to rely on a cookie on the client side, so I think this is more of a false-positive warning, as probely.com does not know exactly the purpose of the cookie. Real Cookie Banner needs to set the cookie via an HTTP request and has to obtain the cookie via JavaScript on the same page request and page refresh so it can execute the opt-in and opt-out mechanism.

    Cookie with SameSite attribute set to None

    This is a known issue, but we have not yet found a solution for this. We have this already in our backlog, and we will let you know as soon as we have a solution for this.

  • The topic ‘Two small cookie misconfigurations found’ is closed to new replies.
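
The two findings discussed in this thread, as an added example that is not part of the original posts or the plugin's code: a small Node.js audit of `Set-Cookie` headers that records a missing `HttpOnly` as an accepted exception for cookies page JavaScript must read, and flags `SameSite=None`. The cookie names, header values and the `scriptReadable` allowlist are constructed for illustration.

```javascript
// Added example. Cookie names and header values are constructed, not a plugin's real ones.
function parseSetCookie(header) {
  const [pair, ...rest] = header.split(";").map((s) => s.trim());
  const eq = pair.indexOf("=");
  if (eq < 1) throw new Error("malformed Set-Cookie: " + header);
  const attrs = {};
  for (const part of rest) {
    if (!part) continue;
    const i = part.indexOf("=");
    // Attribute names are case-insensitive; flags such as HttpOnly carry no value.
    const key = (i === -1 ? part : part.slice(0, i)).trim().toLowerCase();
    attrs[key] = i === -1 ? true : part.slice(i + 1).trim();
  }
  return { name: pair.slice(0, eq), value: pair.slice(eq + 1), attrs };
}

// scriptReadable (hypothetical allowlist): cookies that page JavaScript must read
// by design, such as a consent cookie, so a missing HttpOnly is a documented exception.
function auditCookie(header, scriptReadable = new Set()) {
  const { name, attrs } = parseSetCookie(header);
  const findings = [];
  if (!attrs.httponly) {
    const status = scriptReadable.has(name) ? "accepted" : "finding";
    findings.push({ check: "httponly", status });
  }
  if (String(attrs.samesite || "").toLowerCase() === "none") {
    // Modern browsers reject SameSite=None cookies that lack the Secure attribute.
    const status = attrs.secure ? "finding" : "rejected-by-browser";
    findings.push({ check: "samesite-none", status });
  }
  return { name, findings };
}

function auditAll(headers, scriptReadable) {
  return headers.map((h) => auditCookie(h, scriptReadable));
}

// Constructed sample response headers.
const SAMPLE_HEADERS = [
  "consent_demo=%7B%22ok%22%3Atrue%7D; Path=/; Secure; SameSite=None",
  "session_demo=abc123; Path=/; Secure; SameSite=Lax",
  "login_demo=xyz; Path=/; HttpOnly; Secure; SameSite=Strict",
  "embed_demo=1; Path=/; HttpOnly; samesite=none",
];

for (const r of auditAll(SAMPLE_HEADERS, new Set(["consent_demo"]))) {
  console.log(r.name, JSON.stringify(r.findings));
}
```

Keeping the allowlist short and reviewed keeps the exception limited to cookies that carry no session or authentication data.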