JS Tracker: set secure flag for _pk_testcookies #15313
Labels
c: Security
For issues that make Matomo more secure. Please report issues through HackerOne and not in Github.
Comments
@cundd be great. You probably want to respect the |
cundd added a commit to iresults/matomo that referenced this issue on Jan 10, 2020
cundd added a commit to iresults/matomo that referenced this issue on Jan 10, 2020
tsteur pushed a commit that referenced this issue on Jan 12, 2020
Should be fixed |
jonasgrilleres pushed a commit to 1024pix/pix-analytics that referenced this issue on Sep 22, 2020
jbuget pushed a commit to 1024pix/pix-analytics that referenced this issue on Sep 26, 2020
mattab changed the title from "Set secure flag for _pk_testcookies" to "JS Tracker: set secure flag for _pk_testcookies" on Sep 29, 2020
mattab added the c: Security label on Sep 29, 2020
The test-cookie is not explicitly set as "secure". This generates a warning with our PCI Security Scan.
A possible fix could be to pass configCookieIsSecure to the setCookie() function. Is this a viable solution? Should I send a PR?
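The fix proposed in the issue, sketched as an added example that is not Matomo's code or part of the original thread: a cookie-support probe that ignores the tracker's secure setting, next to one that forwards it, plus a small audit of what was written. Only configCookieIsSecure and setCookie() come from the issue; the setCookie() signature, the probe and audit functions, the cookie jar stand-in and the exact cookie name are assumptions.

```javascript
// Added illustration, not Matomo source. Assumed cookie name, after the issue title.
const TEST_COOKIE = '_pk_testcookie';

// Constructed stand-in for `document`: records every raw cookie write.
function makeCookieJar() {
  const writes = [];
  return {
    writes,
    set cookie(str) { writes.push(str); },
    get cookie() { return writes.map((w) => w.split(';')[0]).join('; '); },
  };
}

// Hypothetical setCookie(): `isSecure` decides whether the Secure attribute is appended.
function setCookie(doc, name, value, msToExpire, path, domain, isSecure) {
  let str = name + '=' + encodeURIComponent(value);
  if (msToExpire) str += '; expires=' + new Date(Date.now() + msToExpire).toUTCString();
  str += '; path=' + (path || '/');
  if (domain) str += '; domain=' + domain;
  if (isSecure) str += '; secure';
  doc.cookie = str;
  return str;
}

// Before: the probe cookie is written without consulting the secure setting.
function probeCookiesBefore(doc, config) {
  setCookie(doc, TEST_COOKIE, '1');
  return doc.cookie.indexOf(TEST_COOKIE + '=1') !== -1;
}

// After: the probe forwards configCookieIsSecure like any other tracker cookie.
function probeCookiesAfter(doc, config) {
  setCookie(doc, TEST_COOKIE, '1', undefined, config.path, config.domain,
    config.configCookieIsSecure);
  return doc.cookie.indexOf(TEST_COOKIE + '=1') !== -1;
}

// Audit: names of cookies that were written without the Secure attribute.
function cookiesMissingSecure(writes) {
  return writes
    .filter((w) => !/;\s*secure\s*(;|$)/i.test(w))
    .map((w) => w.split('=')[0]);
}

const before = makeCookieJar();
probeCookiesBefore(before, { configCookieIsSecure: true });
console.log('before:', cookiesMissingSecure(before.writes));
const after = makeCookieJar();
probeCookiesAfter(after, { configCookieIsSecure: true });
console.log('after:', cookiesMissingSecure(after.writes));
```

Browsers only accept a Secure cookie on a page served over HTTPS, so a probe that forwards the flag will report cookies as unavailable on plain HTTP pages when the setting is enabled.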