Does keycloak documentation say that Cookie transfer in HTTP should be securely encrypted

yhnbgf · November 1, 2023, 3:35pm

I want to report a vuln along the lines of this, but not sure if it was an intended functionality.

dasniko · November 1, 2023, 3:37pm

If you want to report a security issue, please see here on how to do this:

yhnbgf · November 1, 2023, 3:38pm

is the insecure transfer of cookies on http a valid security issue? @dasniko s

Topic	Replies	Views
Cookie does not contain secure/HTTPOnly attribute Securing applications	1329	January 11, 2021
Kc_session Secure flag	1192	December 10, 2021
Cookie Security Configuring the server	1896	March 24, 2021
Keycloak 26 CookieProvider not recognizing secure requests Securing applications authentication	349	October 15, 2024
Is the keycloak client adapter (javascript adapter) secure enough? Securing applications	674	March 5, 2021