Hello,
I have gitlab version 15.11, and our Security team scan the system and find that the ‘sidebar_collapsed’ cookie is not set with HttpOnly.
is there any way we can mark this cookie as httponly.
otherwise we are not allowed to use the gitlab ce on-prem.
Regards
Does anyone have this problem? Does everyone have this cookie with httponly?
Also googling this also shows this as being low risk anyway, so I cannot understand why your security team is so pedantic about it. I understand critical and high releases needing addressing immediately, but blocking something with such a low priority is just senseless.
hi @iwalker
Thanks for your response
I tried what is written but I still see that sidebar_collapsed cookies are not httponly
Do you have another idea?
