为子文件夹/目录中的所有 cookie 设置 HttpOnly
我正在使用 IIS URLRewrite 将 HttpOnly 选项添加到所有传出请求,但它不会为请求添加此选项,例如设置 cookie 的 ./images/ 文件夹。
结果:设置 Cookie:ASPSESSIONIDQECSBATA=KGBFCMFABKMKPHBLFJHPNEJN;安全的; path=/
我的出站规则:
<outboundRules>
<rule name="Add HttpOnly" preCondition="No HttpOnly">
<match serverVariable="RESPONSE_Set_Cookie" pattern=".*" negate="false" />
<action type="Rewrite" value="{R:0}; HttpOnly" />
<conditions>
</conditions>
</rule>
<preConditions>
<preCondition name="No HttpOnly">
<add input="{RESPONSE_Set_Cookie}" pattern="." />
<add input="{RESPONSE_Set_Cookie}" pattern="; HttpOnly" negate="true" />
</preCondition>
</preConditions>
如何将 HttpOnly 标志添加到为我的图像文件夹设置的 cookie?
I am using IIS URLRewrite to add the HttpOnly option to all outgoing requests, except it is not add this for requests to for example my ./images/ folder where a cookie is set.
Result: Set-Cookie: ASPSESSIONIDQECSBATA=KGBFCMFABKMKPHBLFJHPNEJN; secure; path=/
My outbound rule:
<outboundRules>
<rule name="Add HttpOnly" preCondition="No HttpOnly">
<match serverVariable="RESPONSE_Set_Cookie" pattern=".*" negate="false" />
<action type="Rewrite" value="{R:0}; HttpOnly" />
<conditions>
</conditions>
</rule>
<preConditions>
<preCondition name="No HttpOnly">
<add input="{RESPONSE_Set_Cookie}" pattern="." />
<add input="{RESPONSE_Set_Cookie}" pattern="; HttpOnly" negate="true" />
</preCondition>
</preConditions>
How do I get the HttpOnly flag added to the cookie being set for my images folder?
将出站规则置于服务器级别。这将进入 applicationHost.config 并将其应用到该服务器上的所有站点。
Put the outbound rule at the server level. This will go in the applicationHost.config and apply it to all sites on that server.