Uploaded image for project: 'Hue'
  1. Hue
  2. HUE-4466

[security] Deliver csrftoken cookie with "secure" bit set when HTTPS

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 3.10.0
    • Fix Version/s: 3.11.0
    • Component/s: core.backend
    • Labels:
      None

      Description

      The following cookie were issued by the HUE and do not have the HttpOnly or Secure flag set:

      csrftoken

      It may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

        Attachments

          Activity

            People

            • Assignee:
              ranade Prakash
              Reporter:
              ranade Prakash
            • Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: