Tu Chu
Posted February 27, 2019

Hi, I am testing on PS 1.7.3. I discovered a security problem. In the BO, the Set-Cookie is missing the Secure flag (in the FO, no problem). I have configured Enable SSL and Enable SSL on all pages. Is this an issue, or am I missing another config?

David Aguilar
Posted December 15, 2020

On 2/27/2019 at 9:29 AM, Tu Chu said:
> Hi, I am testing on PS 1.7.3. I discovered a security problem. In the BO, the Set-Cookie is missing the Secure flag (in the FO, no problem). I have configured Enable SSL and Enable SSL on all pages. Is this an issue, or am I missing another config?

I have the same issue; actually, a scan from Rapid7 detected this issue on my website. The remediation steps:

- Use HTTP X-Frame-Options
- Add the Secure flag to cookies sent over SSL
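
A check for the two scanner findings listed above, as an added example that is not part of the original posts or of PrestaShop's code. It audits a raw response head for cookies set without `Secure` and for a missing or invalid `X-Frame-Options`; the sample response and cookie names are constructed.

```python
# Added example. SAMPLE_BO_RESPONSE is constructed data, not a capture from a
# real shop; the cookie names are placeholders.
SAMPLE_BO_RESPONSE = """\
HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Set-Cookie: bo_session=abc123; expires=Mon, 04-Jan-2021 10:00:00 GMT; Max-Age=1728000; path=/; HttpOnly
Set-Cookie: lang_pref=en; path=/; secure; HttpOnly
"""


def parse_headers(raw):
    """Return (lower-cased name, value) pairs, skipping the status line."""
    pairs = []
    for line in raw.splitlines()[1:]:
        if not line.strip():
            break  # blank line ends the header section
        name, sep, value = line.partition(":")
        if sep:
            pairs.append((name.strip().lower(), value.strip()))
    return pairs


def cookie_attributes(set_cookie_value):
    """Split one Set-Cookie value into (cookie name, set of attribute names)."""
    first, *rest = set_cookie_value.split(";")
    name = first.partition("=")[0].strip()
    # Attribute names are case-insensitive, so 'secure' and 'Secure' both count.
    attrs = {p.partition("=")[0].strip().lower() for p in rest if p.strip()}
    return name, attrs


def audit(raw, served_over_https=True):
    """List findings for a response head fetched from an HTTPS page."""
    findings = []
    headers = parse_headers(raw)
    for name, value in headers:
        if name == "set-cookie":
            cookie, attrs = cookie_attributes(value)
            if served_over_https and "secure" not in attrs:
                findings.append(f"cookie '{cookie}' lacks Secure")
    xfo = [v for n, v in headers if n == "x-frame-options"]
    if not xfo:
        findings.append("X-Frame-Options header missing")
    elif xfo[0].strip().upper() not in ("DENY", "SAMEORIGIN"):
        findings.append(f"X-Frame-Options has unexpected value '{xfo[0]}'")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_BO_RESPONSE):
        print(finding)
```

To audit a real back-office response, paste the head printed by `curl -sI` on the BO login URL in place of the sample.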