[FIXED SECURITY-120]
If Jenkins URL is set to https, force the secure flag. Also force the cookie to be HTTP only, which mitigates the damage that XSS can cause. See https://www.owasp.org/index.php/SecureFlag
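A way to check the behaviour this commit message describes, as an added example that is not part of the commit or of Jenkins' code: given the configured root URL and the `Set-Cookie` header values captured from a response, it lists the cookies that lack `Secure` (only required when the URL is https) or `HttpOnly`. The function names, cookie names and URLs are assumptions constructed for the illustration.

```python
from urllib.parse import urlsplit


def parse_set_cookie(header):
    """Return (cookie name, set of lower-cased attribute names) for one Set-Cookie value."""
    first, *attrs = header.split(";")
    name = first.split("=", 1)[0].strip()
    # Attributes are either bare flags (Secure, HttpOnly) or key=value pairs (Path=/).
    flags = {a.split("=", 1)[0].strip().lower() for a in attrs if a.strip()}
    return name, flags


def audit_cookies(root_url, set_cookie_headers):
    """Return (cookie name, missing attribute) pairs for the given response headers.

    Secure is only expected when the configured root URL uses https;
    HttpOnly is expected in every case.
    """
    https = urlsplit(root_url).scheme.lower() == "https"
    findings = []
    for header in set_cookie_headers:
        name, flags = parse_set_cookie(header)
        if https and "secure" not in flags:
            findings.append((name, "Secure"))
        if "httponly" not in flags:
            findings.append((name, "HttpOnly"))
    return findings


if __name__ == "__main__":
    # Constructed sample headers, not captured from a real server.
    sample = [
        "session_example=abc123; Path=/; Secure; HttpOnly",
        "remember_example=xyz789; Path=/; Expires=Wed, 01 Jan 2031 00:00:00 GMT",
    ]
    for name, missing in audit_cookies("https://ci.example.org/", sample):
        print(f"{name}: missing {missing}")
```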