[DOCU-2922] Security best practices - No information on how to configure Cookie HttpOnly and Secure flags
Created: 19/Nov/23 | Updated: 23/Nov/23 | Resolved: 23/Nov/23
| Status: | Closed |
| Project: | Documentation |
| Component/s: | None |
| Affects Version/s: | None |
| Fix Version/s: | None |
| Type: | Improvement | Priority: | Neutral |
| Reporter: | Raymond Tran | Assignee: | Adrian Brooks |
| Resolution: | Done | Votes: | 0 |
| Labels: | None | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Documentation page URL: | https://docs.magnolia-cms.com/product-docs/6.2/Administration/Security/Security-best-practices.html |
| Description |
|
Our Security best practices document contains the following guidance
It does not, however, state how the Cookie HttpOnly and Secure flags can be configured in Magnolia. This can cause ambiguity, such as the case where a partner has stated that it is the responsibility of Magnolia to define these settings in the Magnolia Bundle's Tomcat web.xml, when it is in fact possible to define the configuration values in the Maven project. |
| Comments |
| Comment by Adrian Brooks [ 23/Nov/23 ] |
|
Note added about the configuration in Magnolia here: https://docs.magnolia-cms.com/product-docs/6.2/Administration/Security/Security-best-practices.html#_servlet_container_and_web_server_configuration |