Andrew Charles Cilia created MYFACES-4417:
---------------------------------------------
Summary: Support for Same Site and HSTS
Key: MYFACES-4417
URL: https://issues.apache.org/jira/browse/MYFACES-4417
Project: MyFaces Core
Issue Type: Bug
Components: General
Affects Versions: 2.3.9
Environment: Redhat Linux
Reporter: Andrew Charles Cilia
Security Auditors have identified that Session Cookies
oam.Flash.RENDERMAP.TOKEN and other MyFaces cookies are not handling Same Site
and HTTP Strict Transport Security. I am unfortunately not knowledgeable enough
to respond to this, although I have browsed and cannot see any references to
these security measures in the context of MyFaces.
Is this handled by some version of MyFaces?
If not, is it something that is in the pipeline?
If not in the pipeline, can I find some explanation somewhere that states that
it is unnecessary?
Regards