OriginURI cookie: set HttpOnly flag

2
Hi there, I would like to set the HttpOnly flag for the OriginURI cookie to true. Any ideas on how to do this in Mendix?
asked
2 answers
1

Hi Tim,

Did you have a look at the following post: https://forum.mendix.com/link/questions/95740

 

And also the following on Stack Overflow:

“An HttpOnly cookie means that it's not available to scripting languages like JavaScript. So in JavaScript, there's absolutely no API available to get/set the HttpOnly attribute of the cookie, as that would otherwise defeat the meaning of HttpOnly.”

https://stackoverflow.com/questions/14691654/set-a-cookie-to-httponly-via-javascript

 

But why do you want to do this? It would mean that the OriginURI cookie will not be accessible anymore by JavaScript.

Googling this comes up with some warnings.

Hope this helps.

Cheers,

Jeffrey

answered
0

Hi Tim,

Our company security guidelines also describe this setting. Unfortunately, this is not possible at the moment. I submitted a feature request to enable this: https://forum.mendix.com/link/ideas/2187 You can upvote this if you want.

Greetings,

Oscar

answered