python-django-horizon is vulnerable to Use-After Free. An Incorrect Permission Assignment for Critical Resource flaw allows Horizon
session cookies to be created without the HttpOnly
flag despite HorizonSecureCookies
being set to true in the environmental files.