Cookie does not contain secure/HTTPOnly attribute

tocinoatbp013 · January 11, 2021, 3:01pm

Hi,

Our security team has flagged a vulnerability when our Keycloak instance running in kubernetes using ngnix-ingress, was scanned via Qualys. Is this something to be worried about?

I have already configured Require SSL to all requests.

These are the url being tagged below:

https://domain.com/auth
https://domain.com/auth/realms/master/protocol/openid-connect/3p-cookies/step1.html?version=89j5v
Cookie Does Not Contain The "secure" Attribute
Cookie Does Not Contain The "HTTPOnly" Attribute

Topic		Replies	Views
How to set the secure flag for cookie KEYCLOAK_SESSION	2	7647	September 28, 2021
Kc_session Secure flag	0	757	December 10, 2021
Cookie secure flag not applied using "external requests" in "SSL required" parameter Getting advice	0	383	June 7, 2022
Cookie Security Configuring the server	0	1025	March 24, 2021
Firefox 92 and admin console: "Cookie will be soon rejected" Configuring the server admin-console	0	805	September 29, 2021

Cookie does not contain secure/HTTPOnly attribute

Related Topics