How to confirm if the HttpOnly flag is set for the web-console login URL in openshift-3.x?
Issue
- Web console csrf cookie did not have a HttpOnly flag set.
- Not able to see HttpOnly flag for the web console URL during penetration testing.
Environment
- Red Hat OpenShift Container Platform 3.x
Subscriber exclusive content
A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.