• Stan Hu's avatar
    Enable Secure attribute for frontend cookies · 9104396d
    Stan Hu authored
    By default, all frontend cookies have been set to insecure, even when
    HTTPS is enabled. This has tripped off some security scanners. While
    most of these cookies probably contain a single user preference and do
    not contain any personally-identifiable information, we should err on
    the side of caution and enable the Secure attribute if an encrypted
    channel is available.
    
    We now centralize all the application logic for cookie setting to the
    `setCookie` `getCookie` methods in `common_utils.js`.
    
    Relates to https://gitlab.com/gitlab-org/gitlab/-/issues/24040
    
    Changelog: security
    9104396d
design_sidebar.vue 7.5 KB