Make sure cookies are safe and secure

Metadata

ID: python-flask/secure-cookie

Language: Python

Severity: Notice

Category: Security

CWE: 614

Description

Cookies must have the secure and httponly parameters set to True.

Learn More

Non-Compliant Code Examples

response.set_cookie('username', 'flask', secure=False, httponly=False, samesite="Lax")
response.set_cookie('username', 'flask', secure=True, httponly=False, samesite="Lax")
response.set_cookie('username', 'flask', secure=False, httponly=True, samesite=None)
response.set_cookie('username', 'flask', samesite=None, secure=False, httponly=True)
response.set_cookie('username', 'flask', secure=False, samesite=None)
response.set_cookie('username', 'flask', samesite=None, httponly=True)

Compliant Code Examples

response.set_cookie('username', 'flask', secure=True, httponly=True, samesite='Lax')
https://static.datadoghq.com/static/images/logos/github_avatar.svg https://static.datadoghq.com/static/images/logos/vscode_avatar.svg jetbrains

Seamless integrations. Try Datadog Code Analysis

PREVIEWING: rtrieu/product-analytics-ui-changes