simorgh icon indicating copy to clipboard operation
simorgh copied to clipboard

Published 20 hours ago verified publisher icon bbc

Fix: Clear text transmission of sensitive cookie code scanning alerts

Open DarioR01 opened this issue 1 year ago • 1 comments

Resolves N/A

Overall change: Adds secure attribute to analyticsUtils cookie as suggested by the code scanning

js-cookies docs

Code changes:

  • adds secure attribute to analyticsUtils cookie.
  • [ ] I have assigned myself to this PR and the corresponding issues
  • [ ] I have added the cross-team label to this PR if it requires visibility across World Service teams
  • [ ] I have assigned this PR to the Simorgh project
  • [ ] (BBC contributors only) This PR follows the repository use guidelines

Testing:

  • [ ] Automated (jest and/or cypress) tests added (for new features) or updated (for existing features)
  • [ ] If necessary, I have run the local E2E non-smoke tests relevant to my changes (CYPRESS_APP_ENV=local CYPRESS_SMOKE=false yarn test:e2e:interactive)
  • [ ] This PR requires manual testing

DarioR01 avatar Sep 22 '22 08:09 DarioR01

https://github.com/bbc/simorgh/blob/e37762a5f4a068255ffd9978a716305b482d8f36/src/app/legacy/containers/PageHandlers/withOptimizelyProvider/getOptimizelyUserId/index.js#L17

Might as well add it here while you're at it

Added 👌

DarioR01 avatar Sep 22 '22 10:09 DarioR01