How to Protect Cookies Against Common XSS Attacks on the Web?
We could sidestep the dangers of Cookies by simply not recommending their use, but the fact is that at least 55% of all websites use Cookies RIGHT NOW, even with lots of cookieless strategies available.
So how do we protect Cookies against common XSS attacks?
Well, if your app really needs to use Cookies, configure each one through the Set-Cookie HTTP header with at least the following flags:
- Secure: To allow the Cookie only through HTTPS
- HttpOnly: To remove the Cookie from document.cookie, so scripts running on the page cannot read it
- SameSite: To limit the contexts (same-site vs. cross-site requests) in which the Cookie is sent
Set-Cookie: <name>=<value>; Secure; HttpOnly; SameSite=Strict; ...
Hopefully, with these tips, your app now has a better chance against XSS attackers who target Cookies. Anyway, keep in mind that complex attacks can easily bypass these tips, so try to migrate to cookieless strategies ASAP.
Original Link: https://dev.to/obetomuniz/how-to-protect-cookies-against-common-xss-attacks-on-the-web-3p39