[英]Oracle Apex view settings for HttpOnly and Secure flags
Based on the link below, current version of Oracle Apex cookies supports or automatically set as HTTP-only根据下面的链接,当前版本的 Oracle Apex cookies 支持或自动设置为仅 HTTP
https://community.oracle.com/tech/developers/discussion/4060471/httponly-and-secure-flags-in-session-cookie-and-all-cookies-for-oracle-apex-application https://community.oracle.com/tech/developers/discussion/4060471/httponly-and-secure-flags-in-session-cookie-and-all-cookies-for-oracle-apex-application
Now, we have security scanning which requires to provide evidence if the application is in HTTP-Only.现在,我们进行了安全扫描,如果应用程序仅使用 HTTP,则需要提供证据。 Is there a way I can view this?
有没有办法可以查看这个? Or is there any legit documentation from Oracle that can be reference to support the statement on the link?
或者是否有任何来自 Oracle 的合法文档可以参考以支持链接上的声明? My Oracle Apex 21.1.6
我的 Oracle Apex 21.1.6
Moreover, since JEE 6 it's also declaratively easy setting HttpOnly flag in a session cookie by applying the following configuration in the deployment descriptor WEB-INF/web.xml:此外,从 JEE 6 开始,通过在部署描述符 WEB-INF/web.xml 中应用以下配置,还可以轻松地在 session cookie 中设置 HttpOnly 标志:
<session-config>
<cookie-config>
<http-only>true</http-only>
</cookie-config>
</session-config>
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.