terokaa | 2025-01-16 07:46:02 UTC | #1
Greetings,
Our Embeddable Framework Dynamics integration went thru security audit and we got notification for framework cookies being 'SameSite=None; Secure'. Security audit noted that cookie settings should be SameSite=Lax or SameSite=Strict. Additionally HttpOnly should be turned on.
Is there anything that me as integration developer can do to adjust these cookie values?
Cookies reported:
- DisconnectedInteractionIds
- EmbeddableFramework.file
- JSESSIONID
- ScreenPopped
- UserPreferences
- WebRTCUserPreferences
- accessToken
- agentDisconnectedCallsWithoutErrors
- cwc-heartbeat-primaryTabHeartbeat
- cwc-notifications
- cwcConnected
- cwcUserStation
- externalIds
- headsetConnectionStatus
- pcAuth-userPrefLanguageTag
- pcAuth-userPrefLocale
- primaryTab
- tokenExpiration
- userLanguage
system | 2025-02-16 07:46:23 UTC | #2
This topic was automatically closed 31 days after the last reply. New replies are no longer allowed.
This post was migrated from the old Developer Forum.
ref: 31236