Viewing 2 posts - 1 through 2 (of 2 total)
  • Author
  • #1159085

    Dear Support Team

    What is the proper way to implement in ENFOLD cookies with Secure, HttpOnly and SameSite flags?

    I am looking forward for your answer.

    Best regards


    Hey Jaispirit,

    Thank you for the inquiry.

    This is currently not possible because the cookies generated by the theme — specifically those related with the privacy options — are created using Javascript and HttpOnly can only be accessed or applied using server-side scripts like PHP.

    // https://developer.mozilla.org/en-US/docs/Web/HTTP/Cookies

    To help mitigate cross-site scripting (XSS) attacks, HttpOnly cookies are inaccessible to JavaScript’s Document.cookie API; they are only sent to the server. For example, cookies that persist server-side sessions don’t need to be available to JavaScript, and the HttpOnly flag should be set.

    In which cookies would you like to apply the parameters to?

    Best regards,

Viewing 2 posts - 1 through 2 (of 2 total)

You must be logged in to reply to this topic.