+- GetSimple Support Forum (http://get-simple.info/forums)
+-- Forum: GetSimple (http://get-simple.info/forums/forumdisplay.php?fid=3)
+--- Forum: Developer Discussions (http://get-simple.info/forums/forumdisplay.php?fid=8)
+--- Thread: QUESTION How to add $cookie_secure? (/showthread.php?tid=15345)
How to add $cookie_secure? - craiga - 2020-10-29
I use getsimple for most things (because it's great to work with), however I've had an alert from The 'National Cyber Security Centre' flagging a warning about possible 'Permissive Cross Origin Resource Sharing policy'.
Wanted to pick a few peoples brains.
I was initially thinking that because the secure flag was not seen to be set in google chrome's inspector that it wasn't set at all.
I've tried setting the $cookie_secure variable to true within cookie_function.php (located in admin/inc) but it doesn't work.
Any ideas?
Many thanks
RE: How to add $cookie_secure? - Felix - 2020-10-30
Give us more information:
First of all:
can you repeat this message popup ?
Second:
Where did this message popup
What windows were open during the message popup
http https ?
What browser are you using
RE: How to add $cookie_secure? - craiga - 2020-10-30
(2020-10-30, 00:41:11)Felix Wrote: Give us more information:
First of all:
can you repeat this message popup ?
Second:
Where did this message popup
What windows were open during the message popup
http https ?
What browser are you using
Hi Felix, the message isn't on screen it's generated online by an organisation who evaluate the website (which I can't disclose for security reasons) and then I read their notices. The website uses HTTPS
I noticed that the GS cookie GS_ADMIN_USERNAME already has a setting of http_only but not secure
I need to add secure as I think it may resolve the issue and close the cors problem.
I looked in the configuration.php but changing the setting for $cookie_secure to TRUE, didn't work.
Code:
// cookie config
$cookie_name = lowercase($name_url_clean) .'_cookie_'. $ver_no_clean; // non-hashed name of cookie
$cookie_login = 'index.php'; // login redirect
$cookie_time = '10800'; // in seconds, 3 hours
$cookie_path = '/'; // cookie path
$cookie_domain = null; // cookie domain
$cookie_secure = null; // cookie secure only
$cookie_httponly = true; // cookie http onlyThanks
RE: How to add $cookie_secure? - Felix - 2020-10-30
What plugins are you using ?
Try to disable all your plugins, one by one,
and each time you disable a plugin,
check that message again
RE: How to add $cookie_secure? - Felix - 2020-10-30
Try this scanner to find a solution:
https://portswigger.net/burp/vulnerability-scanner
They have a free trial:
https://portswigger.net/burp/pro/trial
RE: How to add $cookie_secure? - Felix - 2020-10-30
Did you develop your site locally and so might have any left over http urls that you forgot to change to https ?
Any MaxCDN on http ? If using Webfonts from Google, Typekit, etc. try to disable them and check again.
RE: How to add $cookie_secure? - craiga - 2020-10-30
(2020-10-30, 02:00:19)Felix Wrote: Did you develop your site locally and so might have any left over http urls that you forgot to change to https ?
Any MaxCDN on http ? If using Webfonts from Google, Typekit, etc. try to disable them and check again.
Will do. Thanks Felix
Much appreciated
Craig