Laravel warnings on a penetration scan with OWASP ZAP


I have tried scanning my website (Laravel) with OWASP ZAP and I found the alerts "Cloud Metadata Potentially Exposed" and "Cookie No HttpOnly Flag".

  1. Cookie No HttpOnly warning: I have tried changing "http_only" and "secure" to true in config/session.php and I still get the warning.
  2. Cloud Metadata Potentially Exposed: what is the meaning of this warning?

==========

I just resolved the Cookie No HttpOnly flag by adding this function in app/Http/Middleware/VerifyCsrfToken:

<?php

namespace App\Http\Middleware;

use Illuminate\Foundation\Http\Middleware\VerifyCsrfToken as Middleware;
use Symfony\Component\HttpFoundation\Cookie;

class VerifyCsrfToken extends Middleware
{
    // Override so XSRF-TOKEN honours http_only from config/session.php.
    // The base class passes false there on purpose so JavaScript clients
    // (e.g. Axios) can copy the token into the X-XSRF-TOKEN header; with
    // HttpOnly set, forms must send the _token field instead.
    protected function addCookieToResponse($request, $response)
    {
        $config = config('session');

        $response->headers->setCookie(new Cookie(
            'XSRF-TOKEN',
            $request->session()->token(),
            $this->availableAt(60 * $config['lifetime']), // lifetime is in minutes; Cookie wants a timestamp
            $config['path'],
            $config['domain'],
            $config['secure'],
            $config['http_only']
        ));

        return $response;
    }
}
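To see what ZAP is actually checking when it raises "Cookie No HttpOnly Flag", here is an added example (not code from the question or the answer) that parses Set-Cookie header values and reports which protective attributes each cookie lacks. The two header lines are constructed to mirror what a default Laravel install sends over HTTPS: laravel_session is issued with HttpOnly, while XSRF-TOKEN is issued without it, which is the cookie the scanner complains about.

```php
<?php
// Added example: audit Set-Cookie headers for HttpOnly / Secure / SameSite,
// the same attributes ZAP's cookie rules look for. Sample headers below are
// constructed, not captured from a real site.

declare(strict_types=1);

/**
 * Parse one Set-Cookie header value into its name and attribute flags.
 * Attribute names are case-insensitive (RFC 6265), so they are lowercased.
 */
function parseSetCookie(string $header): array
{
    $parts = array_map('trim', explode(';', $header));
    $nameValue = array_shift($parts);
    $name = explode('=', $nameValue, 2)[0];

    $flags = ['httponly' => false, 'secure' => false, 'samesite' => null];
    foreach ($parts as $attr) {
        [$key, $val] = array_pad(explode('=', $attr, 2), 2, null);
        $key = strtolower($key);
        if ($key === 'httponly') {
            $flags['httponly'] = true;
        } elseif ($key === 'secure') {
            $flags['secure'] = true;
        } elseif ($key === 'samesite') {
            $flags['samesite'] = $val;
        }
    }
    return ['name' => $name] + $flags;
}

/**
 * Return, per cookie name, the list of missing protections.
 * $isHttps says whether the Secure flag is expected at all.
 */
function auditCookies(array $setCookieHeaders, bool $isHttps = true): array
{
    $findings = [];
    foreach ($setCookieHeaders as $header) {
        $c = parseSetCookie($header);
        $issues = [];
        if (!$c['httponly']) {
            $issues[] = 'missing HttpOnly';
        }
        if ($isHttps && !$c['secure']) {
            $issues[] = 'missing Secure';
        }
        if ($c['samesite'] === null) {
            $issues[] = 'missing SameSite';
        }
        $findings[$c['name']] = $issues;
    }
    return $findings;
}

// Constructed sample: the two cookies a default Laravel app sets over HTTPS.
$sample = [
    'laravel_session=eyJpdiI6...; expires=Mon, 01 Jan 2024 00:00:00 GMT; Max-Age=7200; path=/; secure; httponly; samesite=lax',
    'XSRF-TOKEN=eyJpdiI6...; expires=Mon, 01 Jan 2024 00:00:00 GMT; Max-Age=7200; path=/; secure; samesite=lax',
];

foreach (auditCookies($sample) as $name => $issues) {
    printf("%-16s %s\n", $name, $issues ? implode(', ', $issues) : 'ok');
}
```

Run it with `php audit.php` against the constructed headers, or feed it the real Set-Cookie values from `curl -sI https://your-app/` to reproduce the scanner's finding without re-running ZAP. The point the output makes is that changing `http_only` in config/session.php only affects the session cookie; XSRF-TOKEN is built separately by the CSRF middleware, which is why the setting alone did not clear the alert.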


Jeyhun Rashidov

Cookie No HttpOnly Flag Warning:

The HttpOnly flag for cookies ensures that the cookie cannot be accessed by client-side scripts, like JavaScript. This provides a level of protection against certain types of attacks, like cross-site scripting (XSS). If you've already set 'http_only' => true and 'secure' => true in config/session.php, then you're on the right track.

Cloud Metadata Potentially Exposed:

This warning typically refers to the potential exposure of metadata endpoints that are associated with cloud services (e.g., AWS, GCP, Azure).

Cloud providers often expose an internal, unauthenticated endpoint that allows instances (like VMs) to query metadata about the instance itself (like IAM roles, instance ID, etc.). If an attacker can trick an application into making a request to this endpoint (for example, through SSRF - Server Side Request Forgery), they could potentially retrieve sensitive data. Check that your application doesn't have open SSRF vulnerabilities that could be used to access these metadata endpoints.
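As an added example of the SSRF check the answer recommends (this is not code from the answer or from Laravel), the function below decides whether a URL the application is about to fetch on a user's behalf may be requested at all. It refuses anything that is not http(s), any hostname on a short denylist, and any address that resolves to a loopback, private, or link-local range, which is where 169.254.169.254 and metadata.google.internal land. The DNS resolver is passed in as a callable so the demo runs offline; the lookup table and the URLs are constructed. In production you would pass a real lookup such as `gethostbynamel`.

```php
<?php
// Added example: default-deny guard for outbound URLs, so that server-side
// fetches cannot be steered to cloud metadata endpoints. Resolver and
// sample data are constructed for offline use.

declare(strict_types=1);

const BLOCKED_HOSTNAMES = ['metadata.google.internal', 'localhost'];

/**
 * True if $ip is a public unicast address: rejects loopback, private
 * (10/8, 172.16/12, 192.168/16, fc00::/7) and reserved ranges, which in
 * PHP's filter include link-local 169.254.0.0/16, fe80::/10 and ::ffff:0:0/96.
 */
function isPublicIp(string $ip): bool
{
    return filter_var(
        $ip,
        FILTER_VALIDATE_IP,
        FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE
    ) !== false;
}

/**
 * Decide whether $url may be fetched. $resolve maps a hostname to a list
 * of IP strings (or null when it does not resolve). Every resolved address
 * must be public; anything unresolvable or unexpected is refused.
 */
function isSafeOutboundUrl(string $url, callable $resolve): bool
{
    $parts = parse_url($url);
    if ($parts === false || !isset($parts['scheme'], $parts['host'])) {
        return false;
    }
    if (!in_array(strtolower($parts['scheme']), ['http', 'https'], true)) {
        return false;
    }
    $host = strtolower(trim($parts['host'], '[]')); // strip IPv6 brackets
    if (in_array($host, BLOCKED_HOSTNAMES, true)) {
        return false;
    }
    // Literal IP in the URL: check it directly, no DNS involved.
    if (filter_var($host, FILTER_VALIDATE_IP) !== false) {
        return isPublicIp($host);
    }
    $ips = $resolve($host);
    if (empty($ips)) {
        return false; // does not resolve: deny rather than guess
    }
    foreach ($ips as $ip) {
        if (!isPublicIp($ip)) {
            return false; // one private answer is enough to refuse
        }
    }
    return true;
}

// Constructed resolver standing in for DNS.
$fakeDns = function (string $host): ?array {
    $table = [
        'example.com'              => ['93.184.216.34'],
        'metadata.google.internal' => ['169.254.169.254'],
        'mixed.example.test'       => ['93.184.216.34', '10.0.0.5'],
    ];
    return $table[$host] ?? null;
};

$urls = [
    'https://example.com/api/status',
    'http://169.254.169.254/',
    'http://metadata.google.internal/',
    'http://[fd00::1]/',
    'http://mixed.example.test/',
    'file:///etc/passwd',
];
foreach ($urls as $u) {
    printf("%-40s %s\n", $u, isSafeOutboundUrl($u, $fakeDns) ? 'allow' : 'deny');
}
```

Two caveats belong with this check. First, validating the hostname and then letting the HTTP client resolve it again leaves a window for DNS rebinding, so connect to the address you validated (with cURL, `CURLOPT_RESOLVE` pins a host to an IP). Second, redirects are a second request: either disable them (`CURLOPT_FOLLOWLOCATION` off) or run the same check on every hop.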