Is there a way to set Secure and HttpOnly attributes on the Cookie?

dobarkod / cookie-banner

JavaScript based cookie-info banner for complying with EU cookie law

MIT License

425 stars 85 forks source link

Is there a way to set Secure and HttpOnly attributes on the Cookie? #26

Closed facundofarias closed 7 years ago

zytzagoo commented 9 years ago

Secure, yes. httpOnly, no (impossible, would defeat the purpose of httpOnly if it could be set from Javascript).

Depending on how you invoke Cookiebanner you'll have to either modify the original agree function or perhaps modify the prototype's agree at runtime (if/when calling run() manually...)

Ideally (if having yet another option is really ideal) a cookieSecure (bool) option could be exposed -- perhaps you'd like to contribute the code to handle it?

facundofarias commented 9 years ago

Indeed I did, the thing is that with the attribute secure set, the cookie it's not stored at all. Anyway, I will try it again (I am using OSX 10.9.5 and Chrome 43), and if I make it, I will send u a PR. Thanks!

zytzagoo commented 9 years ago

Are you serving/testing over https? You might also have to set the domain parameter explicitly...

Hard to say anything more without seeing/running the code :/