Can we bin the UMB_MCULTURE cookie? #11117
drpeck
started this conversation in
Features and ideas
Replies: 0 comments
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
-
The UMB_MCULTURE cookie is being flagged in some security scans as being insecure (not HttpOnly or SameSite="Strict/Lax"), when in fact it is only ever set in JavaScript. Would local storage not be a better store than a cookie? That would reduce the request size and avoid confused InfoSec.
https://github.com/umbraco/Umbraco-CMS/blob/dev/v9/src/Umbraco.Web.UI.Client/src/navigation.controller.js
Beta Was this translation helpful? Give feedback.
All reactions