mrlt8 / docker-wyze-bridge

WebRTC/RTSP/RTMP/LL-HLS bridge for Wyze cams in a docker container
GNU Affero General Public License v3.0

Add HttpOnly flag to cookies #1140

Closed frakman1 closed 1 month ago

frakman1 commented 6 months ago

Add the httponly=True flag to the set_cookie() calls.

A security scan revealed that the above flag is not set correctly. The scan result is shown below:

image

After implementing the changes, the HttpOnly flag is set correctly, as seen in Dev Tools -> Network -> Cookies:

image

frakman1 commented 6 months ago

@mrlt8

claudobahn commented 1 month ago

@frakman1 that security scan seems highly flawed. None of the cookies mentioned contain sensitive information.

In fact, merging this pull request would break functionality, since the front-end JavaScript needs to be able to access these cookies for proper function.

I would suggest you close this pull request.
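
The trade-off discussed in this thread, as an added example (not code from the pull request or the project): HttpOnly hides a cookie from page scripts, so an audit should require it only on cookies the front end does not read. The cookie names, values and the session cookie included for contrast are constructed for illustration.

```python
# Added example: all cookie names and header values below are constructed.
JS_READABLE = {"ui_columns", "ui_refresh"}  # hypothetical UI-preference cookies


def parse_set_cookie(header):
    """Split one Set-Cookie header value into (name, value, attribute names)."""
    pair, *attrs = [part.strip() for part in header.split(";")]
    name, _, value = pair.partition("=")
    flags = {a.partition("=")[0].strip().lower() for a in attrs if a}
    return name.strip(), value.strip(), flags


def visible_to_script(headers):
    """Cookies a page script could read via document.cookie (HttpOnly ones are hidden)."""
    visible = {}
    for header in headers:
        name, value, flags = parse_set_cookie(header)
        if "httponly" not in flags:
            visible[name] = value
    return visible


def audit(headers, js_readable=JS_READABLE):
    """Return (cookie, finding) pairs instead of flagging every cookie without HttpOnly."""
    findings = []
    for header in headers:
        name, _, flags = parse_set_cookie(header)
        httponly = "httponly" in flags
        if name in js_readable and httponly:
            findings.append((name, "front end can no longer read this cookie"))
        elif name not in js_readable and not httponly:
            findings.append((name, "missing HttpOnly"))
    return findings


# Constructed responses: no flag, flag on every cookie, flag on the session cookie only.
BEFORE = ["ui_columns=3; Path=/", "ui_refresh=10; Path=/", "session_id=abc123; Path=/"]
BLANKET = [h + "; HttpOnly" for h in BEFORE]
TARGETED = BEFORE[:2] + [BEFORE[2] + "; HttpOnly"]

if __name__ == "__main__":
    for label, headers in (("before", BEFORE), ("blanket", BLANKET), ("targeted", TARGETED)):
        print(label, sorted(visible_to_script(headers)), audit(headers))
```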