XSRF-TOKEN cookie does not have httpOnly flag set
I am running Umbraco 7.4.2. After logging in to the backend of our Umbraco installation using the latest version of Chrome, I pressed F12 to show the developer tools. I noticed that on any page in the backend, an XSRF-TOKEN cookie is created that does not have the httpOnly flag set! Yet in my web.config I have this setting
Since this setting in our web.config is site wide, why/how does the XSRF-TOKEN cookie get created without the httpOnly flag being set?
Also, is there a way to set the XSRF-TOKEN cookie as httpOnly and requireSSL=true?
Thanks
BTD
I'm having the same issue. How did you solve it?