The xsrf cookie token is not a 'secure' cookie for secure('https') requests

2013-10-21T03:42:12
ID ATLASSIAN:JRASERVER-35409
Type atlassian
Reporter dblack
Modified 2019-03-28T00:11:50

Description

To prevent against man in the middle attacks the xsrf cookie token should have the 'secure' attribute set.