|
|
|
|
|
|
Win a copy of Pipeline as Code this week in the Cloud/Virtualization forum!
|
|
|
|
|
|
|
|
|
|
|
|
We tried lots of scripts combinations.One of them did it but this time, apache didn't start.Any suggestion would be nice 
?!;\s?HttpOnly).)+)$" "$1; HttpOnly"
?!;\s?secure).)+)$" "$1; secure"
Some people, when well-known sources tell them that fire will burn them, don't put their hands in the fire.
Some people, being skeptical, will put their hands in the fire, get burned, and learn not to put their hands in the fire.
And some people, believing that they know better than well-known sources, will claim it's a lie, put their hands in the fire, and continue to scream it's a lie even as their hands burn down to charred stumps.
Tim Holloway wrote:For those who are confused, this question references Apache httpd server, not Apache Tomcat.
Here's a good document on the http only attribute:
https://www.owasp.org/index.php/HttpOnly
And on the "secure" atttribute:
https://www.owasp.org/index.php/SecureFlag
What you are calling "scripts", I believe are actually mod_header transformation rules. I recommend that you wrap Code tags (the message editor has a Code button) around your sample text so that the message display formatter doesn't make them unreadable. Also, please paste actual text (again, using Code tags), not screen shots. It will help people read the message easier.
Beyond, that, you seem to be saying that it works except for something called the "site login patch". I don't know what that is, so I can't help on that.
|
I have a knack for fixing things like this ... um ... sorry ... here is a consilitory tiny ad:
SKIP - a book about connecting industrious people with elderly land owners
https://coderanch.com/t/skip-book
|
