One of you requested this.
I like the feedback! It gives me an idea of what to write.
Earlier I explained how to configure the Apache HTTP server with the HTTPOnly and Secure flags, and in this article I'll talk about doing the same on the Nginx web server.
Having HTTPOnly and Secure in the HTTP response header can help protect your web applications from cross-site scripting and session manipulation attacks.
There are multiple ways to get this configured.
- Within the application code, by developers
- Inject the headers at the network edge, e.g. on an F5
- Configure it on the web servers
There are two possible ways to achieve this in the Nginx web server.
By using the "add_header" directive
An easy way to set the cookie flags HTTPOnly and Secure in the Set-Cookie HTTP response header. Back up the configuration file first, then add the following to nginx.conf under the http block.
add_header Set-Cookie "Path=/; HttpOnly; Secure";
Restart Nginx to verify the results.
By using proxy_cookie_path
Another alternative is to add the line below in ssl.conf or default.conf.
proxy_cookie_path / "/; HTTPOnly; Secure";
Restart Nginx to see the results.
Verification
If you're testing intranet-based sites, you can use "Developer Tools" in Chrome to examine the response headers. For internet-facing sites, you can use an online HTTP response header checking tool instead.
I hope this helps to secure and harden the Nginx web server.
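As an added example (not from the original article), here is a small Python checker that parses the Set-Cookie headers of a captured HTTP response and reports, per cookie, which of the HttpOnly and Secure flags are missing; the sample response below is constructed.

```python
"""Audit Set-Cookie headers in a raw HTTP response for the HttpOnly and Secure flags."""

# Constructed sample response: one cookie fully flagged, one with no flags,
# one with Secure but not HttpOnly (the kind of output Nginx should be fixing).
SAMPLE_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/html\r\n"
    "Set-Cookie: sessionid=abc123; Path=/; HttpOnly; Secure\r\n"
    "Set-Cookie: tracking=xyz; Path=/\r\n"
    "Set-Cookie: csrftoken=tok; Path=/; Secure; SameSite=Lax\r\n"
    "\r\n"
    "<html></html>"
)


def parse_set_cookie_headers(raw_response: str) -> list[str]:
    """Return the value of every Set-Cookie header (matched case-insensitively)."""
    head, _, _body = raw_response.partition("\r\n\r\n")
    header_lines = head.split("\r\n")[1:]  # drop the status line
    cookies = []
    for line in header_lines:
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == "set-cookie":
            cookies.append(value.strip())
    return cookies


def missing_flags(set_cookie: str) -> list[str]:
    """List which of HttpOnly / Secure are absent from one Set-Cookie value."""
    # Attributes follow the name=value pair, separated by ';'.
    # Attribute names are case-insensitive (RFC 6265), so normalise them.
    attrs = {part.strip().split("=", 1)[0].lower() for part in set_cookie.split(";")[1:]}
    missing = []
    if "httponly" not in attrs:
        missing.append("HttpOnly")
    if "secure" not in attrs:
        missing.append("Secure")
    return missing


def audit(raw_response: str) -> dict[str, list[str]]:
    """Map each cookie name to the flags it is missing; an empty list means it passes."""
    result = {}
    for set_cookie in parse_set_cookie_headers(raw_response):
        cookie_name = set_cookie.split("=", 1)[0].strip()
        result[cookie_name] = missing_flags(set_cookie)
    return result


if __name__ == "__main__":
    for name, missing in audit(SAMPLE_RESPONSE).items():
        print(f"{name}: {'OK' if not missing else 'missing ' + ', '.join(missing)}")
```

Feed it a response captured from the proxied location, since proxy_cookie_path only rewrites cookies coming back from a proxy_pass upstream.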