How to enable the httpOnly attribute for current_user Cookie

swathi_t · December 3, 2021, 7:36pm

Hi,

I am using AWX 15.0.0.
In our Pen testing we found the vulnerability: HTTPOnly and Secure attributes are not set for Cookies
I was able to enable to Secure attribute by adding these changes in the “settings.py” file.

settings.py

CSRF_COOKIE_SECURE= True
SESSION_COOKIE_SECURE= True

Topic		Replies	Views
vulnerability in AWX 15.0.0 AWX Project awx	0	0	November 30, 2021
AWX + Minikube+/etc/tower/settings.py edit (ro) AWX Project awx	3	1	December 17, 2021
vulnerability in AWX AWX Project awx , kubernetes	1	1	April 16, 2020
Getting CSRF error when logging in to AWX Operator Get Help awx , awx-operator , kubernetes	3	275	May 14, 2024
csrf Forbidden on install behind nginx reverse proxy AWX Project awx , windows	7	1	May 24, 2023

How to enable the httpOnly attribute for current_user Cookie

Related topics