I'm using vue-cookies in my application and couldn't find any option to enable the httponly.
I have tried adding httponly:true, but it's not working.
Vue.$cookies.config('7d','','',true, {httpOnly: true})
I'm currently looking into setting up a proxy within my application for working within SharePoint to update the cookies manually for local testing. I have been using this https://medium.com/#joy.blanks/frontend-frameworks-inside-microsoft-sharepoint-e7694aa43c5d for reference and trying to convert the information into a Vue3 project.
At present I'm struggling to get any conversation made and am not entirely sure where it is falling over. I have tried to enable the debug settings to see if that reveals anything, but I'm not getting any logs out in the browser or console.
I have the following added to my module.exports (I have omitted some data):
devServer: {
  proxy: {
    'https://<sharepoint_target>/_api': {
      target: target,
      logLevel: 'debug', // this what you want
      changeOrigin: true,
    }
  }
}
and the Axios request is:
await axios.get(`${config.cmsEndPoint}/_api/lists/getbytitle('${list}')/items`,{ params});
but I'm not able to even see if the proxy is kicking in, as nothing from the console gives me any updated information about whether the proxy server is working. I'm not sure if it's because I'm using a full URL or if this would make a difference. The <sharepoint_target> and the CMS endpoint are the same string.
From here I can then look at adding a new header to the request as part of the proxy bypass section for the authentication when testing locally.
We are planning to build a site using the abpboilerplate (Angular) framework. In that we noticed that the abp.authtoken cookie is set without the httponly flag, and the cookie is also set using Angular code. Setting a cookie without httponly is not good practice. Can anyone advise whether we can set httponly for abp.authtoken, or is it really an abp boilerplate framework limitation?
You can configure application cookies at startup like:
services.ConfigureApplicationCookie(options =>
{
    options.Cookie.HttpOnly = true;
});
I'm trying to integrate an automated tool with Spinnaker through the Gate API. Right now I have OAuth2 enabled for the regular UI flow and am looking at how to set up basic auth for my tool.
I couldn't find in the docs how or if this is possible at all. I've also tried reusing a session token, but it doesn't work as the cookie can be reset when Spinnaker redeploys.
You can enable basic authentication by changing the file .hal/<deployment-name>/profiles/gate-local.yml:
security:
  basicform:
    enabled: true
  user:
    name: <username you want>
    password: <password you want>
and the file .hal/<deployment-name>/profiles/settings-local.js:
window.spinnakerSettings.authEnabled = true;
I've set up an express basic auth using the express-basic-auth module.
const basicAuthFunc = basicAuth({
  challenge: true,
  users: { 'admin': s.BASIC_AUTH.ADMIN_PASS }
})
It works on localhost. I'm prompted with a popup js challenge.
I'm deploying to a Lambda function and using AWS API Gateway.
The page does not present me with the challenge. I just get the 401 directly.
I tried removing the basic auth and the page loads, so it's just related to the basic auth.
What headers should I add to API Gateway?
I tried this one:
https://medium.com/#Da_vidgf/http-basic-auth-with-api-gateway-and-serverless-5ae14ad0a270
adding WWW-Authenticate and 'Basic' to the 401 response.
It didn't work.
I have a socket.io application and recently I got this warning:
A cookie associated with a cross-site resource at URL was set
without the SameSite attribute.
A future release of Chrome will only deliver cookies with cross-site requests if they are set with SameSite=None and Secure.
You can review cookies in developer tools under
Application>Storage>Cookies and see more details at
https://www.chromestatus.com/feature/5088147346030592 and
https://www.chromestatus.com/feature/5633521622188032.
Apparently it is something that Chrome will be updating in the future:
SameSite warning Chrome 77
I already tried this but to no apparent avail: io = io.listen(server, { cookie: false });
I think the cookie doesn't do anything, so how can I disable io from setting it?
As per the issue reported in Socket.IO's GitHub repo, that cookie is not used for anything; you can disable it by setting cookie: false in the server options.
But what you have missed is setting {cookie: false} option when initializing the socket, not http.listen. The solution provided below worked for me that uses express as the server.
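var express = require('express'); // needed for the express() call below
var server = require('http').createServer(express());
// Pass { cookie: false } when creating the socket.io server, not to listen()
var io = require('socket.io')(server, { path:"/some/path", cookie: false });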
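An added example, not part of any post above: a small Node.js checker for Set-Cookie header values that flags the two issues raised in these threads, a cookie set without HttpOnly and the SameSite=None without Secure case from the Chrome warning. The function names and all cookie names and values are constructed for illustration.

```javascript
// Added example: audit Set-Cookie header values for the flags discussed above.
// Function names and all cookie names/values are constructed sample data.

// Parse one Set-Cookie header value into { name, value, attrs }.
function parseSetCookie(header) {
  const parts = header.split(';').map((p) => p.trim()).filter(Boolean);
  const [pair, ...rest] = parts;
  const eq = pair.indexOf('=');
  const cookie = {
    name: eq === -1 ? '' : pair.slice(0, eq),
    value: eq === -1 ? pair : pair.slice(eq + 1),
    attrs: {},
  };
  for (const attr of rest) {
    const i = attr.indexOf('=');
    // Attribute names are case-insensitive; flag attributes carry no value.
    const key = (i === -1 ? attr : attr.slice(0, i)).trim().toLowerCase();
    cookie.attrs[key] = i === -1 ? true : attr.slice(i + 1).trim();
  }
  return cookie;
}

// Return the list of findings for one Set-Cookie header value.
function auditSetCookie(header) {
  const { attrs } = parseSetCookie(header);
  const findings = [];
  const sameSite =
    typeof attrs.samesite === 'string' ? attrs.samesite.toLowerCase() : null;
  if (!attrs.httponly) findings.push('missing HttpOnly: readable from page script');
  if (!attrs.secure) findings.push('missing Secure: sent over plain HTTP');
  if (sameSite === null) findings.push('missing SameSite');
  else if (!['strict', 'lax', 'none'].includes(sameSite)) findings.push('invalid SameSite value');
  if (sameSite === 'none' && !attrs.secure) findings.push('SameSite=None requires Secure');
  return findings;
}

// Constructed sample headers: weak, partly hardened, fully hardened.
const samples = [
  'authtoken=CONSTRUCTED; Path=/',
  'io=CONSTRUCTED; Path=/; HttpOnly; SameSite=None',
  'session=CONSTRUCTED; Path=/; Secure; HttpOnly; SameSite=Lax',
];
for (const s of samples) {
  console.log(parseSetCookie(s).name, '->', auditSetCookie(s));
}
```

HttpOnly can only be applied by the server in a Set-Cookie response header; a cookie written from page script through document.cookie cannot carry it.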