Set the 'HttpOnly' attribute on solara-session-id cookie #799
Unanswered
lopezvoliver
asked this question in
Q&A
Replies: 1 comment 3 replies
-
Hi Olivier, thank you for bringing up this point. A while ago i noticed this myself as well, and was wondering it we should change this, and what the risks are. I'm happy for this to be changed. Regards, Maarten |
Beta Was this translation helpful? Give feedback.
3 replies
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
-
As part of a security vulnerability test on a solara-based project, the following Medium risk was identified:
As a first time developer of a small application based on Solara, where can I look to fix this issue? Is there a configuration option or a command-line option for
solara run
that could fix this?Or is it something can't be changed (i.e. "the application requires that the cookie accessible to Javascript code")? If so, how can I justify it
Beta Was this translation helpful? Give feedback.
All reactions