This repository has been archived by the owner on Jul 11, 2023. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 450
Set Secure flag for ga cookies #412
Comments
Had a question about this as well. I'm getting this error:
if anyone has solutions to this please let me know |
I also need to know how to solve this, can't use GA in an iframe anymore due to the lack of SameSite and Secure, cookie flags. |
I've made a PR for this addition, I've tested it locally, works great -> #423 |
This has been merged and released in v3.0.0. Thread should be closed. |
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Hi everyone,
We recently had a penetration test done and found that ga cookies were not set with the secure attribute. As far as I know the only editable cookie fields are
cookieDomain
,cookieName
andcookieExpires
.Is there another way to set the secure flag on these cookies, or is it not necessary to do so even from a security perspective? Feedback is much appreciated, thanks!
Edit
I tried setting the
forceSSL
flag (as below), but it doesn't work:The text was updated successfully, but these errors were encountered: