Released Enhancements
HttpOnly Flag Added to Cookies
Issue: Certain cookies were missing the HttpOnly flag.
Resolution: Cookies have been updated to include the HttpOnly flag where applicable, restricting access from JavaScript and improving session token protection.
Secure Flag Added to Cookies
Issue: Cookies were being set without the Secure flag.
Resolution: Affected cookies are now set with the Secure flag, ensuring they are only transmitted over HTTPS.
Missing Content-Type Headers
Issue: Certain HTTP responses were missing the Content-Type header.
Resolution: The application now correctly sets the Content-Type header to define media types, improving content rendering and security.
SameSite Attribute Set on Cookies
Issue: Cookies were missing the SameSite attribute.
Resolution: All cookies have been updated to include an appropriate SameSite value (Strict, Lax, or None), aligning with best practices for CSRF (Cross-Site Request Forgery) prevention. Cookies using SameSite=None are also set with the Secure flag.
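The four checks above (HttpOnly, Secure, Content-Type, and SameSite with the None-requires-Secure rule) can be verified against a response's headers with a small audit script. This is an added example, not code from the application described in these notes; the header samples are constructed.

```python
from typing import Dict, List, Tuple

# Constructed sample response (not from the application): one hardened
# cookie, one legacy cookie, and no Content-Type header at all.
SAMPLE_HEADERS = [
    ("Set-Cookie", "session=abc123; Path=/; HttpOnly; Secure; SameSite=Lax"),
    ("Set-Cookie", "pref=dark; Path=/; SameSite=None"),
]

def parse_set_cookie(header: str) -> Tuple[str, Dict[str, str]]:
    """Return (cookie name, attribute map) for one Set-Cookie value.
    Attribute names are lower-cased; bare flags like HttpOnly map to ""."""
    parts = [p.strip() for p in header.split(";")]
    name = parts[0].split("=", 1)[0].strip()
    attrs = {}
    for part in parts[1:]:
        if part:
            key, _, value = part.partition("=")
            attrs[key.strip().lower()] = value.strip()
    return name, attrs

def audit_cookie(header: str) -> List[str]:
    """Findings for one Set-Cookie header; an empty list means compliant."""
    name, attrs = parse_set_cookie(header)
    findings = []
    if "httponly" not in attrs:          # readable by script: session theft risk
        findings.append(f"{name}: missing HttpOnly")
    if "secure" not in attrs:            # may be sent over plaintext HTTP
        findings.append(f"{name}: missing Secure")
    samesite = attrs.get("samesite", "").lower()
    if not samesite:
        findings.append(f"{name}: missing SameSite")
    elif samesite not in ("strict", "lax", "none"):
        findings.append(f"{name}: unknown SameSite value {samesite!r}")
    elif samesite == "none" and "secure" not in attrs:
        # Browsers reject SameSite=None cookies that are not also Secure.
        findings.append(f"{name}: SameSite=None requires Secure")
    return findings

def audit_response(headers: List[Tuple[str, str]]) -> List[str]:
    """Audit a whole response: Content-Type presence plus every Set-Cookie."""
    findings = []
    if not any(k.lower() == "content-type" for k, _ in headers):
        findings.append("response: missing Content-Type")
    for key, value in headers:
        if key.lower() == "set-cookie":
            findings.extend(audit_cookie(value))
    return findings
```

Running `audit_response(SAMPLE_HEADERS)` reports the missing Content-Type and three findings for the `pref` cookie, while the `session` cookie passes cleanly.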