Tagged: 

Viewing 2 posts - 1 through 2 (of 2 total)
  • Author
    Posts
  • #1159085

    Dear Support Team

    What is the proper way to implement in ENFOLD cookies with Secure, HttpOnly and SameSite flags?

    I am looking forward for your answer.

    Best regards

    #1160185

    Hey Jaispirit,

    Thank you for the inquiry.

    This is currently not possible because the cookies generated by the theme — specifically those related with the privacy options — are created using Javascript and HttpOnly can only be accessed or applied using server-side scripts like PHP.

    // https://developer.mozilla.org/en-US/docs/Web/HTTP/Cookies

    To help mitigate cross-site scripting (XSS) attacks, HttpOnly cookies are inaccessible to JavaScript’s Document.cookie API; they are only sent to the server. For example, cookies that persist server-side sessions don’t need to be available to JavaScript, and the HttpOnly flag should be set.

    In which cookies would you like to apply the parameters to?

    Best regards,
    Ismael

Viewing 2 posts - 1 through 2 (of 2 total)

You must be logged in to reply to this topic.