Avoid setting insecure cookie settings
このページは日本語には対応しておりません。随時翻訳に取り組んでいます。翻訳に関してご質問やご意見ございましたら、お気軽にご連絡ください。
ID: typescript-express/insecure-cookie
Language: TypeScript
Severity: Warning
Category: Security
CWE: 1004
Description
When using cookies in your application, one should ensure appropriate security options are set to lessen the risk of exploits and unauthorized users.
This rule will detect when secure
and httpOnly
are set to false
in a multitude of ways.
Learn More
Non-Compliant Code Examples
const cookie = {
secure: false,
httpOnly: false,
}
const options = {
cookie: {
secure: false,
httpOnly: false,
}
}
cookieSession({ secure: false })
Compliant Code Examples
const cookie = {
secure: true,
httpOnly: true,
}
const options = {
cookie: {
secure: true,
httpOnly: true,
}
}
cookieSession({ secure: true })
Seamless integrations. Try Datadog Code Analysis