• Our team is looking to connect with folks who use email services provided by Plesk, or a premium service. If you'd like to be part of the discovery process and share your experiences, we invite you to complete this short screening survey. If your responses match the persona we are looking for, you'll receive a link to schedule a call at your convenience. We look forward to hearing from you!
  • The BIND DNS server has already been deprecated and removed from Plesk for Windows.
    If a Plesk for Windows server is still using BIND, the upgrade to Plesk Obsidian 18.0.70 will be unavailable until the administrator switches the DNS server to Microsoft DNS. We strongly recommend transitioning to Microsoft DNS within the next 6 weeks, before the Plesk 18.0.70 release.
  • The Horde component is removed from Plesk Installer. We recommend switching to another webmail software supported in Plesk.

Resolved Web Application Cookies Lack Secure Flag and HttpOnly Flag

Martin73

Martin73

Basic Pleskian
I am using the service ScanMyServer from Beyond Security for my Nextcloud server. Since a few weeks i get the following message:
Web Application Cookies Lack Secure Flag

The following cookie does do not have the Secure cookie flag:
Cookie name: SameSite, Path: /, Secure Flag: 0
Click to expand...
Web Application Cookies Lack HttpOnly Flag

The following cookies do do not have set the HttpOnly cookie flag:
Cookie name: __Host-nc_sameSiteCookielax, Path: /, HttpOnly Flag: 0
Cookie name: __Host-nc_sameSiteCookiestrict, Path: /, HttpOnly Flag: 0
Cookie name: SameSite, Path: /, HttpOnly Flag: 0
Click to expand...

I have activated SSL/TLS support and SEO-safe permanent 301 redirect to https.
I'm not sure, is this now a server issue or an issue of Nextcloud? Security & setup warnings of Nextcloud is telling me: All checks passed.

OS ‪Ubuntu 18.04.2 LTS‬
Plesk Onyx 17.8.11
 

Attachments

  • Plesk_Security.PNG
    Plesk_Security.PNG
    5.8 KB · Views: 25
You must log in or register to reply here.

Similar threads

K
Resolved Web Application Firewall: Security rule IDs broken/reset
Replies
8
Views
1K
pleskpanel
P
K
Issue Nextcloud Your web server is not properly set up to resolve
Replies
1
Views
1K
UnixDrive
U
R
Issue Problem with web application firewall - file extension is restricted by policy
Replies
3
Views
2K
Linulex
Linulex
hardbrasil
Question web applications requiring custom envoiriments
Replies
3
Views
2K
Dave W
Dave W
burnley
Forwarded to devs It is possible to create mail box without triggering 'Create Mailname' event handler
Replies
4
Views
15K
Peter Debik
P
Back
Top