Details
Suggestion
Resolution: Fixed
Description
Our auth cookies (in fact all cookies) should have httpOnly set on them. This reduces the exposure to cookie-stealing via injected JS.
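One way to verify the fix, as an added example that is not part of the original ticket or the product's code: a Python check that parses `Set-Cookie` header values and lists the cookies sent without the HttpOnly attribute. The sample headers and cookie names are constructed for illustration.

```python
"""Audit Set-Cookie response header values for the HttpOnly attribute."""


def parse_set_cookie(header_value):
    """Return (cookie_name, attrs); attrs maps lower-cased attribute names to values."""
    parts = header_value.split(";")
    # The first segment is always name=value; everything after it is an attribute.
    name, _, _value = parts[0].strip().partition("=")
    attrs = {}
    for part in parts[1:]:
        key, _, val = part.strip().partition("=")
        if key:
            # Attribute names are case-insensitive, so normalise before comparing.
            attrs[key.lower()] = val.strip()
    return name.strip(), attrs


def cookies_missing_httponly(set_cookie_headers):
    """Names of cookies whose Set-Cookie header carries no HttpOnly attribute."""
    missing = []
    for header in set_cookie_headers:
        name, attrs = parse_set_cookie(header)
        if "httponly" not in attrs:
            missing.append(name)
    return missing


# Constructed sample headers (names and values are made up for this example).
SAMPLE_HEADERS = [
    "SESSIONID=abc123; Path=/; Secure; HttpOnly",
    # Expires contains a comma, which is why headers are not split on ",".
    "remember_me=tok456; Path=/; Expires=Wed, 01 Jan 2031 00:00:00 GMT",
    # The value mentions HttpOnly but the attribute is absent; a substring
    # search over the raw header would wrongly pass this cookie.
    "prefs=theme-HttpOnly; Path=/",
    "csrf=xyz; Path=/; httponly; SameSite=Lax",
]

if __name__ == "__main__":
    for cookie_name in cookies_missing_httponly(SAMPLE_HEADERS):
        print(f"missing HttpOnly: {cookie_name}")
```

Feed it every `Set-Cookie` value from a captured response, one string per header, since a response may carry several.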