Use Apache rewrite rules to disable the OPTIONS method, as follows:
Add the following to the Apache configuration file httpd.conf:
LoadModule rewrite_module path/to/apache/modules/mod_rewrite.so
RewriteEngine On
RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK|OPTIONS)
RewriteRule .* - [F]
or
<Location />
<Limit OPTIONS>
Deny from all
</Limit>
</Location>
Setting the HttpOnly attribute on cookies in PHP
PHP 5.2 and later support the HttpOnly parameter when setting a cookie, and also support a global HttpOnly setting in php.ini:
-----------------------------------------------------
session.cookie_httponly =
-----------------------------------------------------
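One way to confirm both settings from the client side, as an added example that is not part of the original post. The function names, the expectation of a 403 status (what `[F]` and `Deny from all` return) and the sample header values are assumptions or constructed for illustration.

```python
import http.client

# Methods named in the RewriteCond on this page.
BLOCKED_METHODS = ("TRACE", "TRACK", "OPTIONS")

def cookies_missing_httponly(set_cookie_values):
    """Return names of cookies whose Set-Cookie value lacks HttpOnly."""
    missing = []
    for value in set_cookie_values:
        parts = [p.strip() for p in value.split(";")]
        name = parts[0].split("=", 1)[0]
        # Attribute names are case-insensitive (RFC 6265).
        if not any(p.lower() == "httponly" for p in parts[1:]):
            missing.append(name)
    return missing

def audit_response(method, status, set_cookie_values):
    """Check one observed response against the two settings on this page."""
    findings = []
    if method in BLOCKED_METHODS and status != 403:
        findings.append(f"{method} returned {status}, expected 403")
    for name in cookies_missing_httponly(set_cookie_values):
        findings.append(f"cookie {name} lacks HttpOnly")
    return findings

def probe(host, port=80, path="/"):
    """Send each method to a server you administer and audit the replies."""
    findings = []
    for method in BLOCKED_METHODS + ("GET",):
        conn = http.client.HTTPConnection(host, port, timeout=5)
        try:
            conn.request(method, path)
            resp = conn.getresponse()
            resp.read()
            cookies = resp.headers.get_all("Set-Cookie") or []
            findings += audit_response(method, resp.status, cookies)
        finally:
            conn.close()
    return findings

if __name__ == "__main__":
    # Constructed sample responses: (method, status, Set-Cookie values).
    samples = [
        ("OPTIONS", 200, []),
        ("TRACE", 403, []),
        ("GET", 200, ["PHPSESSID=abc123; path=/; HttpOnly", "theme=dark; path=/"]),
    ]
    for method, status, cookies in samples:
        print(method, audit_response(method, status, cookies))
```

Call `probe("your-host")` against a server you run after reloading Apache and PHP; an empty list means the methods are refused and every cookie seen carries HttpOnly.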
Reposted from: https://blog.51cto.com/365way/1881167