-
What Grafana version and what operating system are you using?
9.4.3 -
What are you trying to achieve?
Fixing Vulnerability_Risk: Missing HttpOnly Flag From Cookie
- How are you trying to achieve it?
Looking for the config change in the Grafana to fix the Missing HttpOnly Flag From Cookie
-
What happened?
Getting Vulnerability_Risk from Grafana after security assessment: Missing HttpOnly Flag From Cookie -
What did you expect to happen?
Fixing Vulnerability_Risk: Missing HttpOnly Flag From Cookie
- Can you copy/paste the configuration(s) that you are having problems with?
Received below recommendation in the grafana but not sure where to make this change.
Add the HttpOnly to all cookiesFor each cookie generated by your web-site, add the “HttpOnly” flag to the cookie. For example: Set-Cookie: =[; =] [; expires=][; domain=<domain_name>] [; path=<some_path>][; secure][; HttpOnly]
- Did you receive any errors in the Grafana UI or in related logs? If so, please tell us exactly what they were.
NA
- Did you follow any online instructions? If so, what is the URL?
No