Setting additional Set-Cookie options HttpOnly;SameSite=Strict;Secure.

Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
2025-06-26 07:47:13 +02:00 · 2025-06-26 07:47:13 +02:00 · 3fb45acbe0
commit 3fb45acbe0
parent a9a1d20819
2 changed files with 8 additions and 1 deletions
--- a/debian/apache2.postinst
+++ b/debian/apache2.postinst
@ -56,7 +56,7 @@ enable_default_conf()
 	if is_fresh_install $@ ; then
 		for conf in charset localized-error-pages other-vhosts-access-log \
 				security serve-cgi-bin \
-				csp hsts ; do
+				csp hsts modern-cookies ; do
 			a2enconf -m -q $conf
 		done
 	fi
--- a/debian/config-dir/conf-available/modern-cookies.conf
+++ b/debian/config-dir/conf-available/modern-cookies.conf
@ -0,0 +1,7 @@
+# /etc/apache2/conf-available/modern-cookies.conf
+
+<IfModule mod_headers.c>
+	<IfModule mod_ssl.c>
+		Header edit Set-Cookie ^(.*)$ $1;HttpOnly;SameSite=Strict;Secure
+	</IfModule>
+</IfModule>