- Content Types
- Headless Development Guide
- Best Practices
- Technical Documentation and Processes
-
Stack Overflow
- How can I notify others about a question?
- Will public Stack Overflow users be able to see my Team?
- What are the best practices for tagging?
- What integrations are enabled on our Team?
- What kind of questions can I ask here?
- Is there a syntax highlighter for eZ Publish legacy?
- What's the minimum PHP version required for eZ Publish?
- Do we have a server naming strategy?
- How do I remove information-leaking headers in IIS?
- How do I safely restart apache on ubuntu after changing configuration?
- For lamp site Vagrant boxes, can I speed up a reprovision if provision fails and I made a change?
- Where can I find / discuss Blend's developer best practices?
- I have SSH access to a production/QA LAMP site, but I need to examine raw solr documents. How do I do it?
- How do I set Octopus Deploy to deploy my package automatically once Jenkins builds it?
- How do I find the IP address of a host or domain?
- How can I view a server using a different domain? (add an entry to my hosts file)
- How do I allow clients to make site redirects in Drupal?
- What version of Symfony should I choose?
- Is there a naming strategy for new projects?
- What belongs in the project README?
- How do I know who to assign my merge request to?
- Can custom services be autowired into another service in Symfony?
- Why can't I access the EC2 metadata URL on a Windows VM?
- I'm added a new feature that makes a network request, and it's working in dev. Why wont it work in QA / Prod?
- Someone discarded a draft in eZ Publish (4.x, 5.x, or legacy) and it's missing! How do I find it?
- How can I add a new https site to my local IIS?
- How do I setup a second site in episerver?
- How do I configure web.config to show descriptive errors?
- How do I import a .bacpac file into SQL with SSMS?
- In a LAMP project, what's the best way to get a prod-like database locally?
- How do you log things with NSSM
- How do I add a new club to the ClubCorp O.N.E. Benefits Finder?
- Where can I find a screen recording from a join.me call?
- Which static site generator should we use?
- How do I forward a call in the office directly to voicemail?
- Is there an actively updated list of integration and prod sites somewhere everyone can reference?
- Where is the Blend Accessibility site again?
- What Meta information do I need to support the common social media networks?
- How do I paste a copied timesheet entry in redmine?
- How do I add time to a project I'm not a part of?
- Is there a limit on uploading files to gitlab?
- How can I alias a git command?
- How do I figure out if Blend hosts a website?
- What belongs in a project Readme.md ? Do we have a boilerplate Readme.md or other file?
- How do I become the call organizer in Join.me?
- Is `ISynchronizedObjectInstanceCache` a distributed cache?
- Importing bacpac file that requires database authentication fails
- Why doesn't DropDownListFor select correct options in a for loop?
- How can I set up a context menu for a program on Windows (such as Sublime Merge)?
- Is there a way to test use the google geocode api for free during initial development?
- How do I make myself an operator in dialpad?
- How do I find a file that may have exited in a Git repo sometime in the past?
- How do I include a javascript library in my dojo module
- How do I test a site over VPN using CrossBrowserTesting?
- How can I use a CDN with fall back in Episerver?
- How do I create a rewrite rule in IIS?
- How can I use an SQL query to find where page types are used in episerver?
- How do you build an Octopus Nuget Package Manually
- How can I manually build an existing project using Jenkins?
- Fix matchHeights in Owl Carousel on browser resize
- How do I create an accordion or collapse in Redmine?
- How do I create linked text to an external URL in Redmine?
- How to delete references to deleted branches?
- What is module dependency order in EPiServer
- Why is my custom 404 handler always timing out?
- Can anyone create custom queries in redmine?
- How do I create a SQL user with access to create RDS backups?
- What are the naming conventions for QA servers?
- Url in Property list not saving
- How to fix "At least one object must implement IComparable." from Marketo after copying Episerver database?
- How can I clear the 'History' tab of an episerver scheduled job?
- How do I clone a gitlab project over https, now that gitlab requires 2fa?
- I get an error in Jenkins about "${BUILD_DATETIMEVERSION_PATH}' is invalid", how do I fix it?
- How can I send a test email from Episerver?
- How to show help text in edit mode to editors in Epi
- Local episerver login just flashes
- How can I hide a page from episerver find without requiring a reindex
- How can I use symlinks with git on Windows?
- How do we add a redirect to a document in Wyam?
- How to get the correct link from `LinkItem.Href` in Episerver?
- Why is my custom Episerver login redirecting to the homepage?
- Should I use `UserName` or `Username` with `ApplicationUser` in Episerver?
- How can I port forward locally on windows?
- Why isn't Episerver logging errors?
- I can't update an element in Tiny MCE with a custom class via the styles_format dropdown
- Xs and Os, Nobody Knows (Code Challenge)
- Frequency Distribution (Code Challenge)
- Episerver Forms scroll to Validation Error
- Palindrome Descendant (Code Challenge)
- Single Letter Swaps (Code Challenge)
- Episerver is not returning the correct language
- Phone Decoder (Code Challenge)
- Mini Sudoku (Code Challenge)
- Convenience Store (Code Challenge)
- Odd Up, Even Down (Code Challenge)
- C-ns-r-d Str-ngs (Code Challenge)
- Empty Square Sequence (Code Challenge)
- Extract City Facts
- Is Johnny Making Progress? (Code Challenge)
- Building Forums in Episerver
- Create a Blog in Episerver
- Non solr search solution on Episerver
- Azure Active Directory Login on Episerver
- Block Usage Report
- Off canvas Menu sliding in and out of window
- Multi-Level Navigation
- Single-Click CTA block linked to content
- Styled numbered lists
- How to build a responsive forum
- Responsive carousel with image and text content
- Multi-select checkboxes in a dropdown
- Responsive Table
- Accessible Calendar
- How to shift page focus
- What are the common JavaScript Frameworks we use?
- What are some of the common plugins we use?
- How do we use the YouTube API
- How do I add highlighting to Solr Suggester results?
- How do I create a gulpfile?
- What are some hidden red flags to look for when doing code review?
- How do I treat compiled files in an episerver project?
- How to set up a hook for Jenkins build
- Unmix My Strings (Code Challenge)
- Reverse Coding Challenge #4 (Code Challenge)
- When working with a CMS, which template should classes for container vs item be in?
- Array of Multiples (Code Challenge)
- What are some topics to discuss during pair programming down time?
- How do I configure sentry for a new project?
- Broken Keyboard (Code Challenge)
- How do I convert an Episerver project to using Identity
- How do I set up a new site using Episerver Foundation?
- How can I safely undo a commit?
- Filter Primes (Code Challenge)
- How do you offset an anchor link so it is positioned below a fixed header?
- Reversing a binary string (Code Challenge)
- Filter Strings from an Array (Code Challenge)
- How can I shrink my database files?
- Word Nest (Code Challenge)
- How do I work with Templates, and partials in Episerver?
- How do I set up gulp for a new project
- Bob Estimation Tool (Code Challenge)
- How can I automate the Episerver upgrade process?
- What is Variance and how do I ~deal~ work with it?
- Whats the best way to handle Google Server ownership in Episerver?
- How do I test sending emails on localhost using SMTP?
- How do I render TinyMce input without the surrounding paragraph tag?
- IContentRepository vs IContentLoader
- After upgrading my Umbraco site, the back-office doesnt load?
- How do I build a multicolumn block in episerver?
- How do I show the 404 page in the correct language in Episerver?
- The type 'ValueType' is defined in an assembly that is not referenced
- How do I use Display Tags in Episerver?
- Given a string of text, how can I find duplicate words separated by a comma?
- How can I manually generate the route segment for a page?
- Episerver Importers
- How do I move production robots.txt file into place on release build?
- How can I prevent blocks from bringing down an entire page in Episerver?
- How do I set up Netlify to deploy automatically through Azure DevOps?
- How do I allow an AppService to access a port on a VM in Azure?
- How do I use submodules with Azure DevOps when the submodules are in Gitlab?
- How do I set up an Umbraco site to deploy through Azure DevOps?
- How do I deploy a site to AWS through DevOps?
- How do I allow editors to Dynamically update caching for assets that are updated frequently
- What plugins do we commonly use on Episerver sites?
- What plugins do we commonly use for Front end?
- What plugins do we commonly use on Umbraco sites?
- How can I ensure clients don't get stale static assets when the site is behind a CDN?
- How do I make an RSS feed in Episerver?
- How do I get a production database for an Episerver DXP Client?
- How do I make a custom resource (e.g .aspx) available on a friendly URL in Episerver
- Typeahead/Suggestive search
- How can I make classes exclusive in TinyMCE?
- What's the best practice for adding a new site to your Episerver project?
- What steps do I after installing SQL Server?
- What do I need to do to render pages in Epi for the first time?
- How do I add a merge request template to my repo?
- How do I create a user on an Azure SQL database?
- How do you create an accessible card where the whole card is clickable?
- How do I make a block editable with on page editing?
- How do I use my site's local nuget source?
- How can I speed up Nuget package restore on Azure DevOps?
- How to create an episerver admin plugin?
- Azure/DXP ImageProcessor Config Transform
- I can't run npm packages globally on my windows machine
- How can I use one TinyMce config for all multisites?
- Why are some pages throwing a 500 error that I can't catch?
- How can I mirror repositories to other repositories
- How do you style all siblings on hover with just CSS?
- How do I convert a site to static files?
- Why isn't my RSS feed working?
- Clearing ImageProcessor Cache in Azure
- How do I highlight search results in Solr?
- How can I render a non SVG inline?
- How do I use the Auto Suggest Selection Attribute?
- How do I force Razor View Files to compile before it's too late?
- How do I test my config transforms?
- How do I get blobs for an Episerver/Optimizely DXP site?
- How can I preview DXP microsites during a deployment?
- How do I add Cache busting with .NET Projects?
- Editorial template control in Episerver? Also, what's `IDynamicTemplateContent`?
- How do I use Sovereign to reverse proxy a site in .NET MVC?
- How do you do Episerver upgrades?
- How do I determine which personalized blocks will be shown in a content area
- How do I add Sentry Javascript error monitoring
- How do I add robots.txt to Umbraco?
- What are Blend's Static IP addresses for VPNs and Firewall Whitelists?
- How can I see what claims are coming through with Identity authentication?
- How do I use LetsEncrypt with a custom domain on Azure App Service?
- How do I send a message with Blend Bot on Slack?
- How do I set up an ADFS integration?
- Where do I put project wide constants?
- How do I create simple middleware in .NET 5?
- How do I get a list of Blocks by type?
- How do I configure TinyMCE for Optimizely?
- How do I add an admin user with Opti 12?
- How do I work with the default Optimizely Content Renderer?
- How can I make a tag helper for images in .Net 5?
- How do I prevent log files from growing exponentially?
- What are known compatibility issues with running Optimizely on Linux?
- How can I debug Optimizely DXP sites?
- What does a client need to do in order to setup friendly names for DXP?
- How do I test if an Optimizely site can handle Read Only Deployments?
- How do you map custom virtual roles in Optimizely CMS 12?
- How do I add different inputs to the Optimizely CMS Editor?
- How can I find out what branches are on QA and not production?
- How do I apply Fetch HTML and apply it directly to the DOM?
- How do I add a maintenance page for CMS 12 DXP sites?
- What is a good starting point for handling responsive images?
- CMS 11 Reports with MVC
- How do I hide Categories on blocks in Optimizely CMS 12?
- How can I render a Razor View to a string (in full framework ASP.NET)?
- How do I backup / restore an RDS database instance on AWS?
- Optimizely CMS 12 Scheduled job is stuck
- How do I add a recaptcha form element, or other custom form element?
- How do I make tables better for editor in TinyMCE?
- How can I cache things in a robust way that doesn't cause page loda delays?
- Win32Exception: The certificate chain was issued by an authority that is not trusted
- How do I import a database to Azure SQL?
- How do I set up Gulp with caching?
- How do I make the description of a property always visible in Optimizely CMS 11?
- What are some Nuget package best practices? And how can I sign my Nuget package?
- Setting the Secure Cookie Attribute and HttpOnly flag on cookies
- How do I rewrite URLs in Dotnet 5+
- Why is my Nuget Feed not loading?
- What Optimizely CMS 12 upgrade advice do we have?
- How do I convert an AWS Secret Key to SES credentials?
- How do I set a Cache-Control on static assets? (dotnet 5+)
- How do I restrict a tab to a user group in Optimizely?
- How to increase File Upload Size limits for CMS 12
- How to fix "Unable to launch IIS Express Web Server" "Failed to register URL"
- How to send emails through SMTP with email account with Multi factor authentication (MFA)?
- What permissions do I need to setup for a standard Google maps implementation?
- How do I do multiline editing?
- How do we allow clients to transfer arbitrarily large files to us?
- How I can skip Optimizely authentication locally?
- Optimizely - Some editors can't login after CMS 12 upgrade
- How do I test if a cert is going to work on a Cloudfront (or other CDN) deployment?
- How do I declare a PropertyList property as being non-required?
- What is the best way to check if response headers have already been sent or the body has already been written to in .NET?
- How do I make a dropdown's values dependent on the selection of another dropdown in Optimizely CMS?
- How can I restrict access to a single or select few properties in Optimizely CMS 12?
- Solved Problems
Setting the Secure Cookie Attribute and HttpOnly flag on cookies
- Page Owner: Not Set
- Last Reviewed: 2022-09-15
Secure Cookie Attribute:
The secure attribute is an option that can be set by the application server when sending a new cookie to the user within an HTTPÂ Response. The purpose of the secure attribute is to prevent cookies from being observed by unauthorized parties due to the transmission of the cookie in clear text. To accomplish this goal, browsers which support the secure attribute will only send cookies with the secure attribute when the request is going to an HTTPS page. Said in another way, the browser will not send a cookie with the secure attribute set over an unencrypted HTTP request. By setting the secure attribute, the browser will prevent the transmission of a cookie over an unencrypted channel.
Solution for Opti 12:
In the Startup.cs add
app.UseCookiePolicy(new CookiePolicyOptions
{
Secure = CookieSecurePolicy.Always
});
Solution for Opti 11:
In the web.config add
<httpCookies requireSSL="true" />
Set Cookie to be HttpOnly:
When a cookie doesn’t have an HttpOnly flag, it can be accessed through JavaScript, which means that an XSS could lead to cookies being stolen. These cookies include, but are not limited to, CSRF tokens and client sessions that can make it easier to achieve account/session takeover.
Solution for Opti 12:
app.UseCookiePolicy(new CookiePolicyOptions
{
HttpOnly = HttpOnlyPolicy.Always
});
Solution for Opti 11:
In the web.config add
<httpCookies httpOnlyCookies="true"/>