Running latest docker build. Our security audit reported below
The host is running a server with SSL/TLS and is prone to information disclosure vulnerability.
The cookies: Set-Cookie: PHPSESSID=replaced; path=/; HttpOnly; SameSite=Lax are missing the “secure” attribute.
The flaw is due to cookie is not using ‘secure’ attribute, which allows cookie to be passed to the server by the client over non-secure channels (http) and allows attacker to conduct session hijacking attacks.
Server with SSL/TLS.
Set the ‘secure’ attribute for any cookies that are sent over a SSL/TLS connection.
Any way to fix this issue?