How can you secure your HTTP cookies against XSS attacks?
Shrikant Mishra, 19-Jan-2021
Tags: node.js, http, https, network, xss, ssl
Shrikant Mishra
19-Jan-2021
Cross-site scripting (XSS) occurs when the attacker injects executable JavaScript code into the HTML response.
To reduce these attacks, we have to set flags on the Set-Cookie HTTP header:
HttpOnly - this attribute is used to help prevent attacks such as cross-site scripting, since it does not allow the cookie to be accessed via JavaScript.
Secure - this attribute tells the browser to only send the cookie if the request is being sent over HTTPS.
So it would look something like this:
If you are using Express with express-cookie session, it works by default.
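
Added example, not part of the original answer: a Node.js sketch that builds a Set-Cookie header value with both flags set and audits header values for cookies that lack them. The function names (buildSetCookie, missingFlags, auditCookies) and the sample headers are constructed for illustration.

```javascript
// Build a Set-Cookie header value with HttpOnly and Secure, and audit
// header values for cookies that lack them.
// All names and sample headers here are constructed for illustration.

// Serialize one cookie; HttpOnly and Secure default to on.
function buildSetCookie(name, value, opts = {}) {
  const { httpOnly = true, secure = true, path = '/', maxAge } = opts;
  // Cookie names are tokens; reject characters that could break the header.
  if (!/^[\w!#$%&'*+\-.^`|~]+$/.test(name)) {
    throw new TypeError('invalid cookie name');
  }
  const parts = [`${name}=${encodeURIComponent(value)}`, `Path=${path}`];
  if (Number.isInteger(maxAge)) parts.push(`Max-Age=${maxAge}`);
  if (httpOnly) parts.push('HttpOnly');
  if (secure) parts.push('Secure');
  return parts.join('; ');
}

// Return the flags missing from one Set-Cookie header value.
function missingFlags(setCookieValue) {
  // Attributes follow the first "name=value" pair; names are case-insensitive.
  const attrs = setCookieValue
    .split(';')
    .slice(1)
    .map((a) => a.split('=')[0].trim().toLowerCase());
  return ['HttpOnly', 'Secure'].filter((f) => !attrs.includes(f.toLowerCase()));
}

// Audit a list of Set-Cookie values (e.g. from res.getHeader('Set-Cookie')).
function auditCookies(values) {
  return values
    .map((v) => ({ cookie: v.split('=')[0].trim(), missing: missingFlags(v) }))
    .filter((r) => r.missing.length > 0);
}

// Constructed sample headers, not taken from a real site.
const sample = [
  buildSetCookie('sid', 'abc 123', { maxAge: 3600 }),
  'theme=dark; Path=/',
  'token=xyz; path=/; httponly',
];
console.log(sample[0]);
console.log(auditCookies(sample));
```

Running the audit over the response headers in an integration test catches a session cookie that was set without either flag.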