Cookies Not Marked as HttpOnly

? ?

?

Today we faced an issue raised by Cyber security team " Cookies Not Marked as HttpOnly"?

Solution is as below ?

• In web.config make sure that key exists ??<httpCookies sameSite="None" requireSSL="true" />?

• Create Custom Pipeline ?

public class CookieProcessor : HttpRequestProcessor?

??? {?

??????? public override void Process(HttpRequestArgs args)?

??????? {?

??????????? var shellCookie = HttpContext.Current.Request.Cookies["shell#lang"];?

??????????? var asdCookie = HttpContext.Current.Request.Cookies["asd#lang"];?

??????????? if (shellCookie != null)?

??????????? {?

??????????????? shellCookie.HttpOnly = true;?

??????????????? HttpContext.Current.Response.Cookies.Add(shellCookie);?

??????????? }?

??

??????????? if (asdCookie != null)?

??????????? {?

??????????????? asdCookie.HttpOnly = true;?

??????????????? HttpContext.Current.Response.Cookies.Add(asdCookie);?

??????????? }?

??????? }?

??? }???

• Adding patch for pipeline on zzz folder as below ?

<!-- this pipeline used to fix issue raised by cyber security team Cookies Not Marked as HttpOnly -->?

<configuration xmlns:patch="https://www.sitecore.net/xmlconfig/">?

<sitecore>?

<pipelines>?

???? <httpRequestBegin>?

<processor patch:after="processor[@type='Sitecore.Pipelines.HttpRequest.LanguageResolver, Sitecore.Kernel']" type="WERA.Project.Website.Infrastructure.Pipelines.CookieProcessor, WERA.Project.Website" />?

? </httpRequestBegin>?

</pipelines>?

</sitecore>?

</configuration>?

?