profile photo of Drew DennisonDrew Dennison
Download Count*

Rules for OWASP security checks for python

Run Locally

Rules (2)

profile photo of returntocorpreturntocorp

Found a Flask cookie without secure, httponly, or samesite correctly set. Flask cookies should be handled securely by setting secure=True, httponly=True, and samesite='Lax' in response.set_cookie(...). If these parameters are not properly set, your cookies are not properly protected and are at risk of being stolen by an attacker. Include the 'secure=True', 'httponly=True', samesite='Lax' arguments or set these to be true in the Flask configuration.