@jenrol
opened this Issue on February 25th 2021
@jenrol
Summary
The matomo_lang cookie is not served as httpOnly, which was flagged by a pentest of our app. For use in high security or regulated industries, this can be a dealbreaker.
Your Environment
- Matomo Version: 4.1.1
- PHP Version: 7.4.7
- Server Operating System: Amazon Linux
- Additionally installed plugins: none
@sgiehl
commented
on February 25th 2021
@sgiehl
Hi @jenrol
Thanks for creating the issue. I will create a PR to change that behavior.
This Issue was closed on February 25th 2021