greenbone / gsad

Greenbone Security Assistant HTTP Server - The server talking to the Greenbone Vulnerability Management daemon (gvmd).
GNU Affero General Public License v3.0

How to close GSAD's HTTPonly ? #87

Closed UsoulKind closed 1 year ago

UsoulKind commented 1 year ago

--http-only Serve HTTP only, without SSL.

Can I use '--http-only' to control gsad's httponly config? Or is there any way to close httponly? I want to get the cookie by script. Thanks!


bjoernricks commented 1 year ago

First of all, this is a question and not a bug report. Therefore it would have been best raised at https://forum.greenbone.net/.

Second, no, you can't. And it's by intention. You have two tokens: first the session cookie and second the login token. Only the login token is accessible via JS. The session cookie is set by your browser automatically with every request after a successful login. Thus you don't have to care about it. The login token must be gathered during the login procedure and added to every request.
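
Added example, not part of the thread and not gsad's own code: a small model of a browser cookie jar showing the split described in the reply above, where an HttpOnly session cookie is hidden from page script but still attached to every request, while the login token is carried by the script itself. The cookie name, token value, endpoint path and query parameters are constructed for illustration and are assumptions, not gsad's real identifiers.

```javascript
// Constructed login response: every name and value here is illustrative (assumption).
const loginResponse = {
  headers: ["Set-Cookie: SESSION_ID=constructed-session-value; Path=/; Secure; HttpOnly"],
  body: { token: "constructed-login-token" },
};

// Parse one Set-Cookie header line into { name, value, httpOnly }.
function parseSetCookie(line) {
  const [pair, ...attrs] = line.replace(/^Set-Cookie:\s*/i, "").split(";").map(s => s.trim());
  const eq = pair.indexOf("="); // only the first '=' separates name from value
  return {
    name: pair.slice(0, eq),
    value: pair.slice(eq + 1),
    httpOnly: attrs.some(a => a.toLowerCase() === "httponly"),
  };
}

// Minimal model of how a browser treats stored cookies.
class BrowserJar {
  constructor() { this.cookies = new Map(); }
  store(headers) {
    for (const h of headers) {
      if (/^set-cookie:/i.test(h)) { const c = parseSetCookie(h); this.cookies.set(c.name, c); }
    }
  }
  // What page script reads through document.cookie: HttpOnly entries are hidden.
  documentCookie() {
    return [...this.cookies.values()].filter(c => !c.httpOnly)
      .map(c => `${c.name}=${c.value}`).join("; ");
  }
  // What the browser itself attaches to a request: every cookie, HttpOnly included.
  cookieHeader() {
    return [...this.cookies.values()].map(c => `${c.name}=${c.value}`).join("; ");
  }
}

// Follow-up request: the script supplies the token, the browser supplies the cookie.
// "/example-endpoint" and the "cmd"/"token" parameters are hypothetical.
function buildRequest(jar, token, cmd) {
  return {
    url: `/example-endpoint?cmd=${encodeURIComponent(cmd)}&token=${encodeURIComponent(token)}`,
    headers: { Cookie: jar.cookieHeader() },
  };
}

const jar = new BrowserJar();
jar.store(loginResponse.headers);
const request = buildRequest(jar, loginResponse.body.token, "list");
console.log(JSON.stringify(jar.documentCookie()), request);
```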