Request to add Cookie security settings | ww.wp.xz.cn

Resolved clickrmedia
(@clickrmedia)

2 years, 11 months ago
Our website has Google Web Stories plugin integrated as one of its post type. Everything works well except when the IT security team ran a vulnerability scan, it was flagged out that this article’s https://lot.dhl.com/web-stories/how-we-transport-milk-from-udder-to-bottle-using-cold-chain-logistics/ cookie does not have (1) the “secure” attribute and (2) “HTTPOnly” attribute.

We’re wondering if there are any chances that these two can be added so that our site adheres to the security requirements?

Hoping for your prompt reply.

Thank you!
- Ram
The page I need help with: [log in to see the link]

Viewing 2 replies - 1 through 2 (of 2 total)

Plugin Author Pascal Birchler
(@swissspidy)

2 years, 11 months ago

Hi there

Just to clarify, which cookie are you referring to exactly?

I do see 1 cookie set by Google Analytics, but since that is read & written exclusively on the client-side, HttpOnly does not actually apply to that. Otherwise analytics would not work 🙂

As for the Secure flag on that, I am not sure. I think it would be best if you ask over at https://github.com/ampproject/amphtml/ on how to use the Secure flag with amp-analytics. AMP is the open source project Web Stories are built on, and amp-analytics is what is used to set up Google Analytics. There’s nothing we could do regarding that from the plugin’s side.

Luckyna San
(@luckynasan)

2 years, 11 months ago

We are going to mark your topic as resolved as we haven’t received a response. Please feel free to open a new support topic if you experience any other issues. Thank you!

Viewing 2 replies - 1 through 2 (of 2 total)

The topic ‘Request to add Cookie security settings’ is closed to new replies.

2 replies
3 participants
Last reply from: Luckyna San
Last activity: 2 years, 11 months ago
Status: resolved