Closed: frakman1 closed this pull request 1 month ago
@mrlt8
@frakman1 that security scan seems highly flawed. None of the cookies mentioned contain sensitive information.
In fact, merging this pull request would break functionality, since the front-end JavaScript needs to be able to access these cookies for proper function.
I would suggest you close this pull request.
Add the httponly = True flag to the set_cookie() calls.
Security scan revealed that the above flag is not set correctly. Scan result shown below:
After implementing the changes, the httpOnly flag is set correctly, as seen in Dev Tools->Network->Cookies:
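As an added example (not code from this pull request or its project), a per-cookie policy in Python using only the standard library: HttpOnly goes on cookies the front-end script never reads, and a triage helper separates real scanner findings from cookies that must stay script-readable. The cookie names and the assumption that the project's set_cookie() takes an httponly keyword are placeholders, not taken from the page.

```python
from http.cookies import SimpleCookie

# Constructed sample: names of cookies the front-end script must read via
# document.cookie (placeholder names, not from any real project).
JS_READABLE = {"ui_theme", "stream_quality"}


def build_set_cookie(name: str, value: str, js_readable: set[str] = JS_READABLE) -> str:
    """Return a Set-Cookie header value for one cookie.

    HttpOnly is added only when client-side script does not need the cookie:
    a browser refuses to expose an HttpOnly cookie through document.cookie,
    so putting the flag on a cookie the front-end reads breaks the front-end.
    """
    cookie = SimpleCookie()
    cookie[name] = value
    morsel = cookie[name]
    morsel["path"] = "/"
    morsel["samesite"] = "Lax"
    if name not in js_readable:
        morsel["httponly"] = True  # script-free cookie: safe to hide from JS
    return morsel.OutputString()


def audit_set_cookie_headers(headers: list[str], js_readable: set[str] = JS_READABLE) -> dict[str, list[str]]:
    """Triage raw Set-Cookie header values the way a reviewer would.

    Buckets cookie names as:
      "missing_httponly": not script-readable and lacking HttpOnly (real finding)
      "needs_js_access":  script-readable and lacking HttpOnly (scanner false positive)
      "ok":               already carries HttpOnly
    """
    result: dict[str, list[str]] = {"missing_httponly": [], "needs_js_access": [], "ok": []}
    for header in headers:
        name = header.split("=", 1)[0].strip()
        # Attribute names after the first ';' are case-insensitive per RFC 6265.
        attrs = {part.strip().lower() for part in header.split(";")[1:]}
        if "httponly" in attrs:
            result["ok"].append(name)
        elif name in js_readable:
            result["needs_js_access"].append(name)
        else:
            result["missing_httponly"].append(name)
    return result
```

Running audit_set_cookie_headers over the exact Set-Cookie values a scan complains about tells you which findings are worth a code change before opening a pull request.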