fix: Potential fix for code scanning alert no. 2: Cookie 'Secure' attribute is not set to true #55

Merged: st0o0 merged 1 commit into main from alert-autofix-2 on Jun 25, 2026
@st0o0 st0o0 commented Jun 25, 2026

Potential fix for https://github.com/Leberkas-org/GaudiHTTP/security/code-scanning/2

Set the cookie as secure at creation time in HandleSetCookies (file src/GaudiHTTP.IntegrationTests.Client/Shared/HttpbinEndpoints.cs, around line 121) by updating the CookieOptions initializer to include Secure = true.
To preserve/strengthen security without changing endpoint behavior, also set HttpOnly = true and SameSite = SameSiteMode.Lax in the same options object. This keeps redirect/cookie flow intact while ensuring secure transport and better default cookie hardening.

No new methods or imports are required since Microsoft.AspNetCore.Http is already imported and contains CookieOptions and SameSiteMode.

Suggested fixes powered by Copilot Autofix. Review carefully before merging.
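
As an added example (not code from the GaudiHTTP repository or from the PR author), a regression check for the three attributes the description above sets, Secure, HttpOnly and SameSite: it parses Set-Cookie header values and reports what is missing. The class name SetCookieAudit and the sample header values are constructed for illustration.

```csharp
using System;
using System.Collections.Generic;

// Added example: hypothetical helper, not part of the project.
public static class SetCookieAudit
{
    // Reports which of Secure, HttpOnly and SameSite are absent from one
    // Set-Cookie header value, and flags SameSite=None sent without Secure.
    public static List<string> Findings(string setCookie)
    {
        var attrs = new Dictionary<string, string>(StringComparer.OrdinalIgnoreCase);
        string[] parts = setCookie.Split(';');
        // parts[0] is "name=value"; every later part is an attribute.
        for (int i = 1; i < parts.Length; i++)
        {
            string[] kv = parts[i].Split('=', 2);
            string name = kv[0].Trim();
            if (name.Length > 0)
                attrs[name] = kv.Length > 1 ? kv[1].Trim() : "";
        }

        var findings = new List<string>();
        if (!attrs.ContainsKey("Secure")) findings.Add("missing Secure");
        if (!attrs.ContainsKey("HttpOnly")) findings.Add("missing HttpOnly");
        if (!attrs.TryGetValue("SameSite", out var sameSite))
            findings.Add("missing SameSite");
        else if (sameSite.Equals("None", StringComparison.OrdinalIgnoreCase)
                 && !attrs.ContainsKey("Secure"))
            findings.Add("SameSite=None without Secure");
        return findings;
    }

    public static void Main()
    {
        // Constructed sample header values, not captured from the project.
        string[] samples =
        {
            "k1=v1; path=/",
            "k1=v1; path=/; secure; samesite=lax; httponly",
            "k1=v1; path=/; samesite=none",
        };
        foreach (string header in samples)
        {
            List<string> found = Findings(header);
            string verdict = found.Count == 0 ? "ok" : string.Join(", ", found);
            Console.WriteLine(header + " -> " + verdict);
        }
    }
}
```

A cookie carrying Secure is only returned by clients over HTTPS, so a test that reads the cookie back after the redirect needs to run against an HTTPS endpoint.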

@st0o0 st0o0 changed the title from "Potential fix for code scanning alert no. 2: Cookie 'Secure' attribute is not set to true" to "fix: Potential fix for code scanning alert no. 2: Cookie 'Secure' attribute is not set to true" Jun 25, 2026
…ribute is not set to true

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
@st0o0 st0o0 force-pushed the alert-autofix-2 branch from c638783 to 66fc67c Compare June 25, 2026 08:28
@st0o0 st0o0 marked this pull request as ready for review June 25, 2026 08:31
@st0o0 st0o0 merged commit 9792830 into main Jun 25, 2026
5 checks passed
@st0o0 st0o0 deleted the alert-autofix-2 branch June 25, 2026 08:45