Unused no-name and no-value cookie is set
Description
When I'm navigating to e.g. my-sso.product.com/oauth2/register, there is such a header being set among others:
set-cookie: HttpOnly
I believe there could be a cookie with its name and value and also the HttpOnly option, but somehow the name and value are empty strings and, instead of not creating a corresponding header, FA sets such an empty cookie.
Observed versions
1.50.0
Steps to reproduce
Navigate to /oauth2/register?...;
There are three cookies being set among the response headers:
Expected behavior
Such a header doesn't exist:
Platform
Any browser.
Additional context
Some browsers, e.g. Safari, would just ignore such a cookie, while some others, e.g. Google Chrome, would set a cookie with an empty name and HttpOnly as a value.
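A check for this symptom, as an added example that is not part of the original report or FusionAuth's own code: it parses captured Set-Cookie values under the strict RFC 6265 section 5.2 rule and under the lenient rfc6265bis draft rule, which give the "ignored" and "stored with an empty name" outcomes described in the report. The function names and every sample header other than `HttpOnly` are constructed for illustration.

```python
# Added example: flag Set-Cookie values that carry no cookie name.
# SAMPLE_HEADERS is constructed; only "HttpOnly" is the value from the report.
SAMPLE_HEADERS = [
    "sid=abc123; Path=/; Secure; HttpOnly",  # constructed, well-formed
    "HttpOnly",                              # the header value from the report
    "locale=en; Path=/",                     # constructed, well-formed
]


def parse_set_cookie(value, lenient=False):
    """Return (name, value, attribute_names), or None if the header is ignored.

    lenient=False: RFC 6265 section 5.2, a pair without "=" or with an
                   empty name is ignored entirely.
    lenient=True:  rfc6265bis draft, a pair without "=" becomes a cookie
                   with an empty name whose value is the whole pair.
    """
    pair, _, rest = value.partition(";")
    if "=" in pair:
        name, _, val = pair.partition("=")
    elif lenient:
        name, val = "", pair
    else:
        return None
    name, val = name.strip(), val.strip()
    # Strict parsing drops empty names; lenient parsing drops only empty/empty.
    if not name and (not lenient or not val):
        return None
    attrs = [a.strip().split("=", 1)[0].lower()
             for a in rest.split(";") if a.strip()]
    return name, val, attrs


def find_nameless_cookies(headers):
    """Return one finding per header that a strict parser would discard."""
    findings = []
    for header in headers:
        if parse_set_cookie(header) is None:
            findings.append({
                "header": header,
                "lenient_result": parse_set_cookie(header, lenient=True),
            })
    return findings


if __name__ == "__main__":
    for finding in find_nameless_cookies(SAMPLE_HEADERS):
        print("nameless Set-Cookie:", finding)
```

Run against response headers captured from the login pages, a non-empty result from `find_nameless_cookies` means the server emitted a cookie header that clients will either drop or store under an empty name.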