• Plesk Uservoice will be deprecated by October. Moving forward, all product feature requests and improvement suggestions will be managed through our new platform Plesk Productboard.
    To continue sharing your ideas and feedback, please visit features.plesk.com

Resolved Web Application Cookies Lack Secure Flag and HttpOnly Flag

Martin73

Martin73

Basic Pleskian
I am using the service ScanMyServer from Beyond Security for my Nextcloud server. Since a few weeks i get the following message:
Web Application Cookies Lack Secure Flag

The following cookie does do not have the Secure cookie flag:
Cookie name: SameSite, Path: /, Secure Flag: 0
Click to expand...
Web Application Cookies Lack HttpOnly Flag

The following cookies do do not have set the HttpOnly cookie flag:
Cookie name: __Host-nc_sameSiteCookielax, Path: /, HttpOnly Flag: 0
Cookie name: __Host-nc_sameSiteCookiestrict, Path: /, HttpOnly Flag: 0
Cookie name: SameSite, Path: /, HttpOnly Flag: 0
Click to expand...

I have activated SSL/TLS support and SEO-safe permanent 301 redirect to https.
I'm not sure, is this now a server issue or an issue of Nextcloud? Security & setup warnings of Nextcloud is telling me: All checks passed.

OS ‪Ubuntu 18.04.2 LTS‬
Plesk Onyx 17.8.11
 

Attachments

  • Plesk_Security.PNG
    Plesk_Security.PNG
    5.8 KB · Views: 25
You must log in or register to reply here.

Similar threads

K
Resolved Web Application Firewall: Security rule IDs broken/reset
Replies
8
Views
2K
pleskpanel
P
R
Issue Problem with web application firewall - file extension is restricted by policy
Replies
3
Views
2K
Linulex
Linulex
D
Input How to run Magento 2 on Plesk Obsidian 18 without Docker
Replies
8
Views
7K
Isolde
I
gws
Resolved Exclude .well-known dir from SEO-safe 301 redirect from http to https
Replies
1
Views
2K
gws
gws
B
Forwarded to devs Wordpress toolkit - odd behavior: Change of preferred domain triggers password change and makes admin interface inaccessible
Replies
2
Views
3K
IgorG
IgorG
Back
Top