[IMPORTANT] VA/PT Vulnerability - Cookies to be marked as HTTPOnly and Secure #11989


Aksiq created

Hi ABP Zero Support, I want to set flags of HTTPOnly and Secure for my session cookies in my ABP Zero application. Recently it has been reported by our VA/PT team that we need to set these flags in order for further proceedings in our testing. I have followed the blog post at https://aspnetzero.com/blog/http-only-cookies-in-asp.net-zero-angular-ui. But after implementing the said changes I am unable to set Tenant on login page, as it redirects again on the same page. Please note that my application is hosted as follows:

Client app: https://localhost/MYAPP
Server app: https://localhost/Core

Please help me with the issue.
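
A check for re-testing the VA/PT finding described above, added here as an example (it is not part of the original post and not ASP.NET Zero code): it parses `Set-Cookie` header values, reports which of `HttpOnly` and `Secure` are missing, and shows which request paths under the two applications from the question (`/MYAPP`, `/Core`) would receive each cookie. Cookie names, header values and request paths are constructed, and the check does not diagnose the redirect itself.

```javascript
// Added example. Cookie names, header values and request paths are constructed samples.

// Split one Set-Cookie header value into a name and lower-cased attributes.
function parseSetCookie(header) {
  const [pair = '', ...rest] = header.split(';').map(s => s.trim()).filter(Boolean);
  const attrs = {};
  for (const item of rest) {
    const i = item.indexOf('=');
    const key = (i < 0 ? item : item.slice(0, i)).trim().toLowerCase();
    attrs[key] = i < 0 ? true : item.slice(i + 1).trim();
  }
  return { name: pair.split('=')[0].trim(), attrs };
}

// RFC 6265 section 5.1.4: default path when the response carries no usable Path.
function defaultPath(requestPath) {
  const last = requestPath.lastIndexOf('/');
  return !requestPath.startsWith('/') || last === 0 ? '/' : requestPath.slice(0, last);
}

// RFC 6265 section 5.1.4 path-match (case-sensitive, whole segments only).
function pathMatches(cookiePath, requestPath) {
  if (cookiePath === requestPath) return true;
  if (!requestPath.startsWith(cookiePath)) return false;
  return cookiePath.endsWith('/') || requestPath[cookiePath.length] === '/';
}

// setBy: path of the request whose response carried the header.
// appPaths: request paths to test, e.g. one under each application.
function auditCookie(header, setBy, appPaths) {
  const { name, attrs } = parseSetCookie(header);
  const p = attrs.path;
  const path = typeof p === 'string' && p.startsWith('/') ? p : defaultPath(setBy);
  const missing = ['HttpOnly', 'Secure'].filter(f => !(f.toLowerCase() in attrs));
  return { name, path, missing, sentTo: appPaths.filter(r => pathMatches(path, r)) };
}

const SAMPLE_PATHS = ['/MYAPP/account/login', '/Core/api/example'];
const SAMPLE_HEADERS = [
  'example_session=abc; Path=/Core; Secure; HttpOnly; SameSite=Lax',
  'example_pref=1; path=/',
  'example_nopath=1; Secure',
];
for (const h of SAMPLE_HEADERS) {
  console.log(JSON.stringify(auditCookie(h, '/Core/api/example', SAMPLE_PATHS)));
}
```

An empty `missing` list means both flags are present; `sentTo` shows whether a cookie scoped to one sub-path is visible to requests under the other.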


5 Answer(s)
  • ismcagdas created
    Support Team

    Hi,

    Is it really hosted on localhost or did you write localhost instead of writing your own domain?

  • Aksiq created

    Hi,

    Is it really hosted on localhost or did you write localhost instead of writing your own domain?

    I tested on my domain and localhost as well but couldn't find any solution.

  • ismcagdas created
    Support Team

    Is it possible to share your production URL? We can check the problem for you.

  • Aksiq created

    The build is not in production due to the VA/PT vulnerability. I would propose that we connect in an online meeting session so I can show you the application hosted on localhost. Please confirm, so I can share my email to proceed. Thanks.

  • ismcagdas created
    Support Team

    Hi @Aksiq

    Please send an email to [email protected] and we will try to help you.

    Thanks,