Hi Tim,
did you have a look at the following post: https://forum.mendix.com/link/questions/95740?
And as well the following on stackoverflow:
“An HttpOnly
cookie means that it's not available to scripting languages like JavaScript. So in JavaScript, there's absolutely no API available to get/set the HttpOnly
attribute of the cookie, as that would otherwise defeat the meaning of HttpOnly
.”
https://stackoverflow.com/questions/14691654/set-a-cookie-to-httponly-via-javascript
But why do you want to do this? It would mean that the OriginURI cookie will not be accesible anymore by JavaScript.
Googleing this comes up with some warnings.
Hope this helps.
Cheers,
Jeffrey
Hi Tim,
Our company security guidelines also describe this setting. Unfortunately, this is not possible at the moment. I submitted a feature request to enable this: https://forum.mendix.com/link/ideas/2187 You can upvote this if you want.
Greetings,
Oscar