Apache config: Cookie http only / secure #6866
Replies: 2 comments
-
It seems like the addition of the Header edit Set-Cookie ^(.*)$ $1;HttpOnly;Secure line in your Apache virtual host configuration might be causing an issue with the administration functionality of Wiki.js. This line is intended to add the HttpOnly and Secure flags to the Set-Cookie header for added security. Here are a few suggestions to troubleshoot and resolve the issue:
By systematically going through these steps, you should be able to identify the cause of the issue and find a solution. If the problem persists, you may also consider reaching out to the Wiki.js community or support channels for assistance. |
Beta Was this translation helpful? Give feedback.
-
The current base code of Wiki.js does not support the use of HttpOnly cookies. This is because certain components of the Wiki interface rely on accessing cookies through JavaScript. Setting cookies to HttpOnly interferes with functionalities such as the display of the admin engineering icon, which indicates if a user has admin permissions. This information, along with other permissions, is transmitted from the server to the client via cookies. |
Beta Was this translation helpful? Give feedback.
-
Hi :)
I tried to secure our apache server wich doing proxy for wikijs.
I added this line:
Header edit Set-Cookie ^(.*)$ $1;HttpOnly;Secure
to the virtualhost configuration.But, now, I can't access to the admin console.
I can login to the wiki, but the administration button does not appear and when I mouseover my avatar, it says "connection" like I'm not connected :/
Can someone explain this ?
Thx :)
Beta Was this translation helpful? Give feedback.
All reactions