Greetings,
Our Embeddable Framework Dynamics integration went thru security audit and we got notification for framework cookies being 'SameSite=None; Secure'. Security audit noted that cookie settings should be SameSite=Lax or SameSite=Strict. Additionally HttpOnly should be turned on.
Is there anything that me as integration developer can do to adjust these cookie values?
Cookies reported:
- DisconnectedInteractionIds
- EmbeddableFramework.file
- JSESSIONID
- ScreenPopped
- UserPreferences
- WebRTCUserPreferences
- accessToken
- agentDisconnectedCallsWithoutErrors
- cwc-heartbeat-primaryTabHeartbeat
- cwc-notifications
- cwcConnected
- cwcUserStation
- externalIds
- headsetConnectionStatus
- pcAuth-userPrefLanguageTag
- pcAuth-userPrefLocale
- primaryTab
- tokenExpiration
- userLanguage