• Introducing WebPros Cloud - a fully managed infrastructure platform purpose-built to simplify the deployment of WebPros products !  WebPros Cloud enables you to easily deliver WebPros solutions — without the complexity of managing the infrastructure.
    Join the pilot program today!
  • The Horde component is removed from Plesk Installer. We recommend switching to another webmail software supported in Plesk.
  • The BIND DNS server has already been deprecated and removed from Plesk for Windows.
    If a Plesk for Windows server is still using BIND, the upgrade to Plesk Obsidian 18.0.70 will be unavailable until the administrator switches the DNS server to Microsoft DNS. We strongly recommend transitioning to Microsoft DNS within the next 6 weeks, before the Plesk 18.0.70 release.

Resolved Web Application Cookies Lack Secure Flag and HttpOnly Flag

Martin73

Martin73

Basic Pleskian
I am using the service ScanMyServer from Beyond Security for my Nextcloud server. Since a few weeks i get the following message:
Web Application Cookies Lack Secure Flag

The following cookie does do not have the Secure cookie flag:
Cookie name: SameSite, Path: /, Secure Flag: 0
Click to expand...
Web Application Cookies Lack HttpOnly Flag

The following cookies do do not have set the HttpOnly cookie flag:
Cookie name: __Host-nc_sameSiteCookielax, Path: /, HttpOnly Flag: 0
Cookie name: __Host-nc_sameSiteCookiestrict, Path: /, HttpOnly Flag: 0
Cookie name: SameSite, Path: /, HttpOnly Flag: 0
Click to expand...

I have activated SSL/TLS support and SEO-safe permanent 301 redirect to https.
I'm not sure, is this now a server issue or an issue of Nextcloud? Security & setup warnings of Nextcloud is telling me: All checks passed.

OS ‪Ubuntu 18.04.2 LTS‬
Plesk Onyx 17.8.11
 

Attachments

  • Plesk_Security.PNG
    Plesk_Security.PNG
    5.8 KB · Views: 25
You must log in or register to reply here.

Similar threads

K
Resolved Web Application Firewall: Security rule IDs broken/reset
Replies
8
Views
2K
pleskpanel
P
K
Issue Nextcloud Your web server is not properly set up to resolve
Replies
3
Views
2K
Rexikon
R
R
Issue Problem with web application firewall - file extension is restricted by policy
Replies
3
Views
2K
Linulex
Linulex
hardbrasil
Question web applications requiring custom envoiriments
Replies
3
Views
3K
Dave W
Dave W
burnley
Forwarded to devs It is possible to create mail box without triggering 'Create Mailname' event handler
Replies
4
Views
15K
Peter Debik
P
Back
Top