Cookie mage-messages has secure flag not set #38681
Comments
Hi @mdevrees. Thank you for your report.
Join Magento Community Engineering Slack and ask your questions in #github channel.
Hi @engcom-Hotel. Thank you for working on this issue.
Hello @mdevrees, Thanks for the report and collaboration! We have tried to reproduce the issue in the 2.4-develop branch and we have observed that the Please go through the documentation related to it: And let us know the use case where you need this cookie to be secure. Thanks
Seeing the compliance cookie law regarding mage-messages, then yes, you are correct in it not being (or having to be) secure.
Thank you, @mdevrees, for your response! Given that this issue has been flagged in your security scan, it's possible that others may encounter it too. Therefore, we'll proceed by treating this as a "feature request." Appreciate it!
Preconditions and environment
Steps to reproduce
In \Magento\Theme\Controller\Result\MessagePlugin::setCookie the mage-messages cookie is created. In the setCookie method the $publicCookieMetadata->setSecure($this->sessionConfig->getCookieSecure()); is not set / missing and apparently not marking the mage-messages as secure. If I add setSecure the mage-messages cookie is marked secure:
Expected result
I expected the mage-messages cookie to be also set as secure.
Actual result
The mage-messages cookie isn't marked as secure.
Additional information
I've tried searching for this specific issue in the GitHub issue tracker but could not find any.
Release note
No response
Triage and priority
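The kind of check a security scan runs to flag this cookie, as an added example that is not part of the original issue or Magento's code. The sample Set-Cookie headers are constructed, and the `accepted` parameter is a hypothetical way to record a triage decision such as the one reached in the comments.

```python
"""Audit Set-Cookie headers for a missing Secure attribute."""

# Constructed sample response headers (not captured from a real store).
SAMPLE_HEADERS = [
    "PHPSESSID=abc123; path=/; secure; HttpOnly; SameSite=Lax",
    "mage-messages=%5B%5D; expires=Thu, 01 Jan 2026 00:00:00 GMT; "
    "Max-Age=31536000; path=/; SameSite=Strict",
    "form_key=XyZ; Path=/; Secure; SameSite=Lax",
]


def parse_set_cookie(header):
    """Return (name, attrs); attrs maps lower-cased attribute names to values."""
    first, *rest = header.split(";")
    # Split on the first '=' only, so values containing '=' stay intact.
    name, _, _value = first.strip().partition("=")
    attrs = {}
    for part in rest:
        key, _, val = part.strip().partition("=")
        if key:
            # Attribute names are case-insensitive ("Secure" == "secure").
            attrs[key.lower()] = val
    return name, attrs


def audit_secure(headers, accepted=()):
    """Classify each cookie as 'ok', 'accepted' or 'missing-secure'.

    `accepted` (hypothetical parameter) lists cookie names whose missing
    Secure attribute has been reviewed and accepted, so they are reported
    separately instead of being raised as new findings on every scan.
    """
    findings = {}
    for header in headers:
        name, attrs = parse_set_cookie(header)
        if "secure" in attrs:
            findings[name] = "ok"
        elif name in accepted:
            findings[name] = "accepted"
        else:
            findings[name] = "missing-secure"
    return findings


if __name__ == "__main__":
    for name, status in audit_secure(SAMPLE_HEADERS).items():
        print(f"{name}: {status}")
```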