Copied to clipboard

Flag this post as spam?

This post will be reported to the moderators as potential spam to be looked at

  • Tom 161 posts 322 karma points
    Aug 30, 2016 @ 10:59

    XSRF-TOKEN cookie does not have httpOnly flag set

    I am running Umbraco 7.4.2. I noticed that after logging in to the backend of our Umbraco installation using latest version of Chrome. I then press F12 to show the developer tools. I noticed on any page in the backend, an XSRF-TOKEN cookie is created that does not have the httpOnly flag set! Yet in my web.config I have this setting

    Since this setting in our web.config is site wide, why/how does XSRF-TOKEN cookie get created without the httpOnly flag being set?

    Also, Is there a way to set the XSRF-TOKEN cookie as httpOnly and requireSSL= true?



  • carl 12 posts 81 karma points
    Apr 28, 2020 @ 22:58

    I'm having the same issue. How did you solve it ?

Please Sign in or register to post replies

Write your reply to: