Must-share information (formatted with Markdown):

- **which versions are you using:** SonarQube 8.9.7
- **what are you trying to achieve:**
  The HttpOnly flag directs compatible browsers to prevent client-side script from accessing cookies. When set, browsers that support the flag will not reveal the contents of the cookie to a third party via client-side script executed via XSS.
- **what have you tried so far to achieve this:**
  As of now nothing has been tried, but we want to know about the below:
  "how to mark the cookie as HttpOnly, so this will be an extra layer of defense against XSS."
  We were running a security scan on the application.
  Please guide.
Regards,
SAM
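For readers following this thread, an added example (not from the post above and not SonarQube code) of the check such a security scan performs: it parses `Set-Cookie` header values, reports cookies that lack `HttpOnly`, and shows the corrected header. The header values are constructed samples; the allowlist is an assumption for cookies that must stay script-readable by design.

```python
"""Audit Set-Cookie headers for the HttpOnly and Secure flags (added example)."""
from typing import Iterable, List, NamedTuple, Optional


class CookieAudit(NamedTuple):
    name: str
    httponly: bool
    secure: bool
    samesite: Optional[str]


def parse_set_cookie(header: str) -> CookieAudit:
    """Split one Set-Cookie header value into the cookie name and its attributes."""
    parts = [p.strip() for p in header.split(";")]
    name = parts[0].split("=", 1)[0].strip()
    attrs = {}
    for attr in parts[1:]:
        key, _, value = attr.partition("=")
        # Valueless attributes such as "HttpOnly" and "Secure" are flags: store True.
        attrs[key.strip().lower()] = value.strip() or True
    samesite = attrs.get("samesite")
    return CookieAudit(
        name=name,
        httponly=attrs.get("httponly") is True,
        secure=attrs.get("secure") is True,
        samesite=samesite if isinstance(samesite, str) else None,
    )


def find_unprotected(headers: Iterable[str], allow: Iterable[str] = ()) -> List[str]:
    """Names of cookies a browser would expose to client-side script (what the scan flags).

    `allow` lists cookies that are script-readable on purpose, e.g. a double-submit
    CSRF token that the front end must read; those are not findings.
    """
    allowed = set(allow)
    return [c.name for c in map(parse_set_cookie, headers)
            if not c.httponly and c.name not in allowed]


def harden(header: str) -> str:
    """Return the header with HttpOnly (and Secure) appended where missing."""
    audit = parse_set_cookie(header)
    fixed = header.rstrip("; ")
    if not audit.httponly:
        fixed += "; HttpOnly"
    if not audit.secure:
        fixed += "; Secure"
    return fixed


# Constructed sample headers, as a scanner would see them in an HTTP response.
SAMPLE_HEADERS = [
    "JSESSIONID=abc123; Path=/; Secure",               # session cookie, missing HttpOnly
    "XSRF-TOKEN=tok; Path=/; Secure; SameSite=Strict",  # script-readable by design
    "prefs=dark; Path=/; HttpOnly; Secure",             # already compliant
]
```

If the application is Java Servlet based, the same flag is set in code with `Cookie.setHttpOnly(true)` (Servlet 3.0 and later) or session-wide via the `<cookie-config><http-only>true</http-only></cookie-config>` element in `web.xml`; `find_unprotected(SAMPLE_HEADERS, allow={"XSRF-TOKEN"})` then reports only `JSESSIONID`.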