How to fix Cookie set without httpOnly security Issue in GWT


0 votes
asked Mar 15, 2016 by jul_7062_i (210 points) 1 flag
Can you help me with this. We have developed web application using Java and GWT, Now we are fixing following issues:Security Issues:X-Frame-Options:X-XSS-Protection:Cookie:HttpOnly and SecureFrom above. I would like to use odatacontroller

4 Answers

0 votes
answered Apr 20, 2016 by answer_i (160 points) 1 flag
The previous setting in web.
The next issue to solve is disabling directory browsing.
The rest of the issues have to do with XSS, autocomplete, and cookies. I would also recommend https://archconf.com/blog/matt_raible/2011/06/java_web_application_security__part_v_penetrating_with_zed_attack_proxy
+1 vote
answered Apr 25, 2016 by Sva_i (290 points)

Now let's take a look at how to fix them. The screenshot below shows the various issues.
commented Apr 27, 2016 by Christello (210 points)
Take a look at this and this for a more detailed explanation
0 votes
answered May 14, 2016 by iwaoka_A (590 points)
This documentation solved this problem for me. For details have a look at AskF5 | Release Note: BIG-IP ASM 11.3.0
commented May 16, 2016 by ire_A (140 points)
You should ask for more details
0 votes
answered Jun 2, 2016 by Ersis (150 points)
Yes GWT: IE cannot read session cookie with Tomcat7, results ... this is clearly wrong
Hope you will enjoy the tool

Related questions

0 votes
5 answers
0 votes
5 answers
asked Feb 1, 2016 by reddoch (1,780 points)
0 votes
4 answers

What is Geekub?

Q&A site for professional and enthusiast programmers, software developers and other technical users. With your help, we hope to work together to build a library of detailed answers to just about any question that is related to programming!







...