0 votes
42 views
How can you secure your HTTP cookies against XSS attacks ?
in Node.js by

1 Answer

0 votes
XSS attacks occur when the attacker injects executable JavaScript code into the HTML response.

To reduce these attacks, you have to set flags on the Set-Cookie HTTP header:

    1. HttpOnly - It is used to prevent attacks such as cross-site scripting since it does not allow the cookie to be accessed via JavaScript.
    2. secure - This attribute tells the browser to only send the cookie if the request is being sent over HTTPS.

For example: Set-Cookie: sid=<cookie-value>; HttpOnly. If you are using Express with express-cookie session, it works by default.
by (4.4k points)
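
The two flags from the answer above, as an added example that is not part of the original answer: it builds a `Set-Cookie` value with `HttpOnly` and `Secure`, and audits header values for either flag being absent. The helper names (`serializeCookie`, `setSessionCookie`, `auditSetCookie`) and the sample headers are hypothetical and constructed for illustration.

```javascript
// Added example; helper names are hypothetical, not from any library.

// Build a Set-Cookie value carrying the two flags discussed in the answer.
function serializeCookie(name, value, { httpOnly = true, secure = true, path = '/' } = {}) {
  const parts = [`${name}=${encodeURIComponent(value)}`, `Path=${path}`];
  if (httpOnly) parts.push('HttpOnly'); // cookie is not readable via document.cookie
  if (secure) parts.push('Secure');     // cookie is only sent over HTTPS
  return parts.join('; ');
}

// Works with any response object exposing setHeader(), such as
// Node's http.ServerResponse or an Express response.
function setSessionCookie(res, sid) {
  res.setHeader('Set-Cookie', serializeCookie('sid', sid));
}

// Report which of the two flags a Set-Cookie header value is missing.
// Attribute names are case-insensitive, so compare in lower case.
function auditSetCookie(headerValue) {
  const [pair, ...attrs] = headerValue.split(';').map((s) => s.trim());
  const names = new Set(attrs.map((a) => a.split('=')[0].toLowerCase()));
  const missing = ['httponly', 'secure'].filter((flag) => !names.has(flag));
  return { cookie: pair.split('=')[0], missing };
}

// Constructed sample headers, not taken from a real application.
const samples = [
  'sid=abc123; Path=/',
  'sid=abc123; Path=/; HttpOnly',
  'sid=abc123; path=/; httponly; secure',
];
for (const h of samples) {
  const { cookie, missing } = auditSetCookie(h);
  console.log(`${cookie}: ${missing.length ? 'missing ' + missing.join(', ') : 'ok'}`);
}
```

The audit function can be run over the `Set-Cookie` headers captured from a staging response to confirm that session cookies carry both flags before release.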