• Resolved ryanothelo

    (@ryanothelo)


    Hi,

    Our security scanners have detected that the mailchimp_landing_site cookie is missing the HttpOnly flag and have deemed it a security issue.

    Can you please help me resolve this?

    Thank you in advance.

Viewing 2 replies - 1 through 2 (of 2 total)
  • Plugin Author ryanhungate

    (@ryanhungate)

    As of release 4.1 which just went out today, we’ve added a filter for anyone wanting to alter the cookie settings. Here’s an example of how to do this – just by adding this snippet to your functions.php file.

    // Force the HttpOnly attribute on the cookies the plugin sets.
    add_filter('mailchimp_cookie_data', function ($data) {
        $data['options']['httponly'] = true;
        return $data;
    });

    The filter is provided with the name of the cookie, and the options are the options that need to be returned to the setcookie function. For this example, it will set httponly to true as you needed. Hope this helps!

    Plugin Author ryanhungate

    (@ryanhungate)

    For anyone else looking into this problem – we’ve added a wiki article here as well:

    https://github.com/mailchimp/mc-woocommerce/wiki/Configuration-for-Setting-HttpOnly-Flag
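
To confirm that the filter took effect, the `Set-Cookie` response headers can be checked for the HttpOnly attribute. The following is an added example, not part of the original thread or the plugin's code; the function names are hypothetical and the header blocks are constructed sample input.

```python
# Added example: report cookies that a response sets without HttpOnly.
# The header blocks below are constructed sample input, not real captures.

def parse_set_cookie(value):
    """Split one Set-Cookie value into (cookie name, {attribute: value})."""
    parts = [p.strip() for p in value.split(";")]
    name = parts[0].partition("=")[0].strip()
    attrs = {}
    for part in parts[1:]:
        if part:
            key, _, val = part.partition("=")
            attrs[key.strip().lower()] = val.strip()  # attribute names are case-insensitive
    return name, attrs


def cookies_missing_httponly(raw_headers, only=None):
    """Return names of cookies set without HttpOnly, in header order.

    raw_headers: response header block as text, one header per line.
    only: optional set of cookie names to restrict the check to.
    """
    missing = []
    for line in raw_headers.splitlines():
        field, sep, value = line.partition(":")
        if not sep or field.strip().lower() != "set-cookie":
            continue
        name, attrs = parse_set_cookie(value)
        if only is not None and name not in only:
            continue
        if "httponly" not in attrs and name not in missing:
            missing.append(name)
    return missing


# Constructed responses: before and after the filter is in place.
BEFORE = (
    "HTTP/1.1 200 OK\n"
    "Content-Type: text/html; charset=UTF-8\n"
    "Set-Cookie: mailchimp_landing_site=https%3A%2F%2Fshop.example%2F; "
    "expires=Wed, 21 Oct 2026 07:28:00 GMT; Max-Age=2592000; path=/\n"
    "Set-Cookie: other_cookie=abc123; path=/; secure; HttpOnly\n"
)
AFTER = BEFORE.replace("path=/\n", "path=/; HttpOnly\n", 1)

if __name__ == "__main__":
    print("before:", cookies_missing_httponly(BEFORE))
    print("after: ", cookies_missing_httponly(AFTER))
```

The header text can come from the browser's network inspector or from saved response headers for a page that sets the cookie.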

  • The topic ‘HttpOnly Flag’ is closed to new replies.