Can we bin the UMB_MCULTURE cookie? #11117
drpeck
started this conversation in
Features and ideas
Replies: 0 comments
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Uh oh!
There was an error while loading. Please reload this page.
-
The UMB_MCULTURE cookie is being flagged in some security scans as being insecure (not HttpOnly or SameSite="Strict/Lax"), when in fact it is only ever set in JavaScript. Would local storage not be a better store than a cookie? That would reduce the request size and avoid confused InfoSec.
https://github.com/umbraco/Umbraco-CMS/blob/dev/v9/src/Umbraco.Web.UI.Client/src/navigation.controller.js
Beta Was this translation helpful? Give feedback.
All reactions