From 66fc67ce0852826f1944e8a6034f32204c51ce1d Mon Sep 17 00:00:00 2001
From: Jan <64534642+st0o0@users.noreply.github.com>
Date: Thu, 25 Jun 2026 10:09:33 +0200
Subject: [PATCH] fix: Potential fix for code scanning alert no. 2: Cookie 'Secure' attribute is not set to true

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
---
 .../Shared/HttpbinEndpoints.cs | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/GaudiHTTP.IntegrationTests.Client/Shared/HttpbinEndpoints.cs b/src/GaudiHTTP.IntegrationTests.Client/Shared/HttpbinEndpoints.cs
index 3074e39c..3582f2ac 100644
--- a/src/GaudiHTTP.IntegrationTests.Client/Shared/HttpbinEndpoints.cs
+++ b/src/GaudiHTTP.IntegrationTests.Client/Shared/HttpbinEndpoints.cs
@@ -118,7 +118,7 @@ private static async Task HandleSetCookies(HttpContext ctx)
 {
 var sanitizedKey = SanitizeCookieToken(kvp.Key);
 var sanitizedValue = SanitizeCookieToken(kvp.Value.ToString());
- ctx.Response.Cookies.Append(sanitizedKey, sanitizedValue, new CookieOptions { Path = "/" });
+ ctx.Response.Cookies.Append(sanitizedKey, sanitizedValue, new CookieOptions { Path = "/", Secure = true, HttpOnly = true, SameSite = SameSiteMode.Lax });
 }
 ctx.Response.StatusCode = 302;
 ctx.Response.Redirect("/cookies", permanent: false);
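Review bot: The unconditional `Secure = true` on the `Cookies.Append` call may break the cookie round-trip this test handler exists for if the integration server is reached over plain HTTP, because a spec-conforming client will not send a Secure cookie back on the non-TLS redirect to `/cookies`. Whether the test host listens on http or https is not visible in this hunk, so confirm that before merging. If it is plain HTTP, mirror the transport instead with `Secure = ctx.Request.IsHttps` and add a comment such as `// test fixture: Secure follows the request scheme so cookie tests still work over http; production handlers must set Secure = true`, recording the code-scanning alert as a reviewed test-only exception. `HttpOnly = true` and `SameSite = SameSiteMode.Lax` go beyond what the alert asked for and change the attributes every test sees, so they deserve the same check. HandleSetCookies starts and ends outside the hunk.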