Scanning vulnerabilities I found the 'Missing httpOnly Cookie Attribute' with zabbix (3.2).
I know, this is an old zabbix problem not solved yet in the code.
I tried different ways to fix that directly in nginx with no luck.
What we have is : Set-Cookie: zbx_sessionid=a1be95629e8ad884ac1f498f817ccc6a; secure
And what we should have (as far I understand) is : Set-Cookie: zbx_sessionid=a1be95629e8ad884ac1f498f817ccc6a; secure ; HttpOnly
Somebody already fixed that one way or another ?
I know, this is an old zabbix problem not solved yet in the code.
I tried different ways to fix that directly in nginx with no luck.
What we have is : Set-Cookie: zbx_sessionid=a1be95629e8ad884ac1f498f817ccc6a; secure
And what we should have (as far I understand) is : Set-Cookie: zbx_sessionid=a1be95629e8ad884ac1f498f817ccc6a; secure ; HttpOnly
Somebody already fixed that one way or another ?
Comment