Hello, Any idea?
On Sunday, August 29, 2021, 07:13:07 PM GMT+4:30, Jason Long <[email protected]> wrote: Hello, I scanned my website with the Acunetix tool and below vulnerabilities found: 1- Cookie(s) without HttpOnly flag set 2- Disable OPTIONS Method 3- CORS (Cross-Origin Resource Sharing) origin validation failure To solve these problems, I added below lines to my Virtual Host configuration file and restarted the Apache service: Header always edit Set-Cookie (.*) "$1;HttpOnly;Secure;samesite=lax" <Location /> <LimitExcept GET POST> order deny,allow deny from all </LimitExcept> </Location> Header set Access-Control-Allow-Credentials "true" But problems existed. How to solve them? Thank you. --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
