Merge branch '11-use-httponly-and-secure-flag-for-cookies-with-onsuccess' into 'master'

Resolve "Use HttpOnly AND Secure flag for cookies with onsuccess"

Closes #11

See merge request !13

content/etc/apache2/sites-available/icingaweb2-ssl.conf

@@ -8,7 +8,8 @@ Header always set Strict-Transport-Security "max-age=63072000; includeSubDomains
 Header unset Server
 Header always set X-Content-Type-Options "nosniff"
 Header edit Set-Cookie ^(.*)$ $1;SameSite=lax
-Header edit Set-Cookie (?i)^(.*)(;\s*secure)??((\s*;)?(.*)) "$1; Secure$3$4"
+Header always edit Set-Cookie ^(.*)$ "$1;HttpOnly;Secure"
+Header onsuccess edit Set-Cookie ^(.*)$ "$1;HttpOnly;Secure"
 
 SSLProtocol -all +TLSv1.2 +TLSv1.3
 SSLCipherSuite TLSv1.3 TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256