How to implement cookie HTTP header flag with HTTPOnly & Secure OLS

[tms-dev]

Dear OLS community, Currently we testing OLS to replace apache web server. But we need step-by-step to set cookie HTTP header flag with HTTPOnly & Secure on OLS, can anyone help us how to properly implement secure flag cookie on OLS (v.1.7.14)? Because when we put Header set cookie on VH context, It's worked but detected before cookie and cookie still not "HTTPonly" & "Secure".

thank you all

Web server:
Ubuntu 20.04 LTS
OLS 1.7.14
React JS web application

context HTTP Header:
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Security-Policy default-src https:; font-src https: data:; img-src https: data:; script-src https:; style-src https:;
X-Content-Type-Options "nosniff" always
X-Frame-Options: SAMEORIGIN
X-XSS-Protection 1;mode=block
Header set Set-Cookie HttpOnly;Secure
Expect-CT enforce, max-age=21600
Referrer-Policy: no-referrer-when-downgrade

 

[Cold-Egg]

Hi, I'm still not clear about the expected result, could you describe it more or share an example here would be helpful.

 

[tms-dev]

Hi, I'm still not clear about the expected result, could you describe it more or share an example here would be helpful.

expected result when we test cookie flag like this:

Spoiler: expected result

current result, cookie still not "httponly" and "secure"

Spoiler: current result

many thanks for help us

 

[Cold-Egg]

I see, usually, the cookie is set by the app. If the app has set cookie "httponly" and "secure", OLS would just pass along.
So, it's best the app has set the cookie correctly in 1st place, then no need webserver to modify it.

 

[tms-dev]

I see, usually, the cookie is set by the app. If the app has set cookie "httponly" and "secure", OLS would just pass along.
So, it's best the app has set the cookie correctly in 1st place, then no need webserver to modify it.

unfortunately website based on react javascript, where javascript doesn't supported httpOnly & secure for cookie flag

many thanks for help