Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Enable HttpOnly and Secure on cookie creation #24522

Closed
davidby-influx opened this issue Dec 20, 2023 · 0 comments
Closed

Enable HttpOnly and Secure on cookie creation #24522

davidby-influx opened this issue Dec 20, 2023 · 0 comments
Assignees
@davidby-influx
Labels
area/api area/2.x OSS 2.0 related issues and PRs kind/bug security/medium security team/edge

Comments

@davidby-influx
Copy link
Contributor

davidby-influx commented Dec 20, 2023
edited
Loading

To improve security, always set the HttpOnly flag and set the Secure flag on cookies when TLS is enabled.
@davidby-influx davidby-influx self-assigned this Dec 20, 2023
@davidby-influx davidby-influx mentioned this issue Dec 20, 2023
Closed
davidby-influx added a commit that referenced this issue Dec 20, 2023
@davidby-influx
fix: enable HttpOnly and Secure using TLS
e5b864a 
When TLS is enabled, set the HttpOnly and
Secure flags when a cookie is created.

closes: #24522
@davidby-influx davidby-influx mentioned this issue Dec 20, 2023
Merged
davidby-influx added a commit that referenced this issue Dec 20, 2023
@davidby-influx
fix: enable Secure when using TLS and enable HttpOnly (#24524)
8e8700f 
Set the HttpOnly and, when TLS is enabled, 
Secure flags on cookies

closes: #24522
davidby-influx added a commit that referenced this issue Dec 20, 2023
@davidby-influx
fix: enable Secure when using TLS and enable HttpOnly (#24524)
c84711f 
Set the HttpOnly and, when TLS is enabled,
Secure flags on cookies

closes: #24522

(cherry picked from commit 8e8700f)

closes #24523
@davidby-influx davidby-influx mentioned this issue Dec 20, 2023
Merged
davidby-influx added a commit that referenced this issue Dec 20, 2023
@davidby-influx
fix: enable Secure when using TLS and enable HttpOnly (#24524) (#24526)
66ebe36 
Set the HttpOnly and, when TLS is enabled,
Secure flags on cookies

closes: #24522

(cherry picked from commit 8e8700f)

closes #24523
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@davidby-influx davidby-influx

Labels
area/api area/2.x OSS 2.0 related issues and PRs kind/bug security/medium security team/edge
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@jdstrand @davidby-influx