
@hint/hint-validate-set-cookie-header


hint for best practices related to the usage of the Set-Cookie response header.

{ "description": { "description": "Metadata description", "message": "This hint validates the `set-cookie` header and confirms that it is sent with the `Secure` and `HttpOnly` directives over HTTPS." }, "duplicatedDirective": { "description": "Report message when the header contains duplicated directives", "message": "A 'set-cookie' header contains duplicate directives." }, "hasDomainHostPrefix": { "description": "Report message when the header contains prefix but the domain directive is set", "message": "A 'set-cookie' header contains '__Host-' prefix but the 'domain' directive is set." }, "hasPrefixHttp": { "description": "Report message when the header contains prefixes from an insecure page", "message": "A 'set-cookie' header contains prefixes but is from an insecure page." }, "hasSecureHttp": { "description": "Report message when the cookies have the 'secure' directive, but the site is insecure", "message": "Insecure sites can't set cookies with the 'secure' directive." }, "invalidDate": { "description": "Report message when the cookie has an invalid 'expires' date", "message": "A 'set-cookie' has an invalid 'expires' date." }, "invalidDateFormat": { "description": "Report message when the cookie has an invalid 'expires' date format", "message": "A 'set-cookie' has an invalid 'expires' date format. The recommended format is: $1" }, "invalidName": { "description": "Report message when the header contains an invalid cookie name", "message": "A 'set-cookie' header has an invalid cookie name." }, "invalidValue": { "description": "Report message when the header has an invalid cookie value", "message": "A 'set-cookie' header has an invalid cookie value." }, "maxAgeAndExpireDuplicate": { "description": "Report message when 'max-age' and 'expires' exist in a cookie", "message": "The 'max-age' attribute takes precedence when both 'expires' and 'max-age' exist." 
}, "maxAgeCompatibility": { "description": "Report message when max-age is not supported by a target browser", "message": "Internet Explorer (IE 6, IE 7, and IE 8) doesn't support the 'max-age' directive in the 'set-cookie' header." }, "name": { "description": "Metadata name", "message": "Valid `Set-Cookie` header" }, "noHttpOnly": { "description": "Report message when the cookie doesn't have the 'httponly' directive", "message": "A 'set-cookie' header doesn't have the 'httponly' directive." }, "noNameValueString": { "description": "Report message when the header doesn't contain a cookie name-value string", "message": "A 'set-cookie' header doesn't contain a cookie name-value string." }, "noPathHasHostPrefix": { "description": "Report message when the header contains prefix but not the right value for path", "message": "A 'set-cookie' header contains '__Host-' prefix but the 'path' directive doesn't have a value of '/'." }, "noSecure": { "description": "Report message when a cookie doesn't have the 'secure' directive", "message": "A 'set-cookie' header doesn't have the 'secure' directive." }, "noTrilingSemicolon": { "description": "Report message when the header to set a cookie has a trailing ';'", "message": "A 'set-cookie' header has a trailing ';'." }, "unknownAttribute": { "description": "Report message when the header contains an unknown attribute", "message": "A 'set-cookie' header contains an unknown attribute '$1'." } }