more secure cookie
Currently, the `token` cookie is sent without the `HttpOnly` and `Secure` attributes. `Secure` should definitely be set when serving over HTTPS. Also check what breaks if we set `HttpOnly`.
Thanks to @green@transfem.social and @ChaosKitsune@woem.men for pointing this out
Version 2024.3.1
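
The two attributes discussed in this issue, as an added example that is not part of the original report or the project's code: it audits a `Set-Cookie` header for the missing attributes and models which cookies stay readable through `document.cookie` once `HttpOnly` is set. The header strings and function names are constructed for illustration.

```javascript
// Added example: names and sample headers are constructed, not taken from the project.

// Parse one Set-Cookie header value into { name, value, attrs } (attribute names lowercased).
function parseSetCookie(header) {
  const [pair, ...rest] = header.split(";").map((p) => p.trim());
  const eq = pair.indexOf("=");
  if (eq < 1) throw new Error("malformed Set-Cookie: " + header);
  const attrs = new Map();
  for (const part of rest) {
    if (!part) continue;
    const i = part.indexOf("=");
    const key = (i === -1 ? part : part.slice(0, i)).trim().toLowerCase();
    attrs.set(key, i === -1 ? true : part.slice(i + 1).trim());
  }
  return { name: pair.slice(0, eq), value: pair.slice(eq + 1), attrs };
}

// Report which of the two attributes from the issue are missing.
// Secure is only required when the response is served over HTTPS.
function auditCookie(header, { https }) {
  const { name, attrs } = parseSetCookie(header);
  const missing = [];
  if (https && !attrs.has("secure")) missing.push("Secure");
  if (!attrs.has("httponly")) missing.push("HttpOnly");
  return { name, missing };
}

// Model of what client-side script sees in document.cookie:
// browsers leave HttpOnly cookies out, so code that reads the token there stops working.
function scriptVisibleNames(headers) {
  return headers
    .map(parseSetCookie)
    .filter((c) => !c.attrs.has("httponly"))
    .map((c) => c.name);
}

// Constructed sample headers.
const CURRENT_HEADER = "token=EXAMPLE_VALUE; Path=/";
const HARDENED_HEADER = "token=EXAMPLE_VALUE; Path=/; Secure; HttpOnly";

console.log(auditCookie(CURRENT_HEADER, { https: true }));
console.log(auditCookie(HARDENED_HEADER, { https: true }));
console.log(scriptVisibleNames([CURRENT_HEADER, "lang=en; Path=/"]));
console.log(scriptVisibleNames([HARDENED_HEADER, "lang=en; Path=/"]));
```

Any client code that shows up in the second `scriptVisibleNames` result as having lost access to `token` is what needs checking before `HttpOnly` is turned on.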