[HUE-4466] [security] Deliver csrftoken cookie with "secure" bit set when HTTPS - Cloudera Open Source

Details

Type: Bug
Status: Resolved
Priority: Major
Resolution: Fixed
Affects Version/s: 3.10.0
Fix Version/s: 3.11.0
Component/s: core.api
Labels:
None

Target Version:

3.11.0

Description

The following cookie were issued by the HUE and do not have the HttpOnly or Secure flag set:

csrftoken

It may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Attachments

Activity

People

Assignee:

Prakash

Reporter:

Prakash

Votes:

0 Vote for this issue

Watchers:

2 Start watching this issue

Dates

Created:

28/Jul/16 9:42 PM

Updated:

14/Sep/16 10:37 PM

Resolved:

29/Jul/16 2:00 AM