Resolved Web Application Cookies Lack Secure Flag and HttpOnly Flag

[Martin73]

I am using the service ScanMyServer from Beyond Security for my Nextcloud server. Since a few weeks i get the following message:

Web Application Cookies Lack Secure Flag

The following cookie does do not have the Secure cookie flag:
Cookie name: SameSite, Path: /, Secure Flag: 0

Web Application Cookies Lack HttpOnly Flag

The following cookies do do not have set the HttpOnly cookie flag:
Cookie name: __Host-nc_sameSiteCookielax, Path: /, HttpOnly Flag: 0
Cookie name: __Host-nc_sameSiteCookiestrict, Path: /, HttpOnly Flag: 0
Cookie name: SameSite, Path: /, HttpOnly Flag: 0

I have activated SSL/TLS support and SEO-safe permanent 301 redirect to https.
I'm not sure, is this now a server issue or an issue of Nextcloud? Security & setup warnings of Nextcloud is telling me: All checks passed.

OS ‪Ubuntu 18.04.2 LTS‬
Plesk Onyx 17.8.11

 

[Martin73]

This is the solution for Apache and this for Nginx.