Closed richarddli closed 6 years ago
In the access_token cookie, Ambassador does not set the HTTP_ONLY flag, which means the cookie could be vulnerable to XSS attacks. The Secure flag doesn't get set, either, meaning it'll transmit over HTTP or HTTPS.
@richarddli Can you please assign this issue to me?
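A check for the two cookie attributes described in this issue, as an added example that is not part of the original thread or of Ambassador's code. The Set-Cookie values are constructed samples and the function names are hypothetical.

```python
# Added example: audit Set-Cookie header values for the attributes this issue
# reports missing. Header values below are constructed samples, not captured
# Ambassador output; function names are hypothetical.

def parse_set_cookie(header_value):
    """Split one Set-Cookie value into (name, value, attrs).

    Attribute names are lowercased because they are case-insensitive.
    """
    parts = [p.strip() for p in header_value.split(";")]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        if not part:
            continue  # tolerate a trailing ';'
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return name.strip(), value.strip(), attrs


def audit_cookie(header_value, sensitive_names=("access_token",)):
    """Return findings for a sensitive cookie; an empty list means none."""
    name, _, attrs = parse_set_cookie(header_value)
    if name not in sensitive_names:
        return []
    findings = []
    if "httponly" not in attrs:
        findings.append("missing HttpOnly: cookie is readable from page script")
    if "secure" not in attrs:
        findings.append("missing Secure: cookie is sent over HTTP as well as HTTPS")
    return findings


# Constructed samples: the first mirrors the behaviour reported in the issue,
# the second shows the same cookie with both flags set.
REPORTED = "access_token=eyJ.constructed.sample; Path=/"
HARDENED = "access_token=eyJ.constructed.sample; Path=/; Secure; HttpOnly"

if __name__ == "__main__":
    for label, header in (("reported", REPORTED), ("hardened", HARDENED)):
        print(label, audit_cookie(header) or "ok")
```
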