The OpenVAS scan against the Grafana server revealed the cookie setting
Set-Cookie: redirect_to=%252F; Path=/
which is flagged as insecure because it does not have the ‘httponly’ attribute.
Is there a directive, say in grafana.ini, similar to
cookie_secure = false
that can add such an attribute? For example,
cookie_httponly = true
will result in
Set-Cookie: redirect_to=%252F; Path=/; HttpOnly
This will make Grafana more PCI compliant.
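
The scanner finding quoted above can be re-checked after any configuration change with a small header audit. This is an added example, not part of the original post and not Grafana code; the function names and the choice of required attributes are assumptions, and the two sample headers are the ones quoted in the post.

```python
# Added example: audit Set-Cookie header lines for missing cookie attributes.
# Function names and the default "required" set are assumptions for illustration.

def parse_set_cookie(header_line):
    """Return (cookie_name, set of lower-cased attribute names)."""
    value = header_line.strip()
    if value.lower().startswith("set-cookie:"):
        value = value[len("set-cookie:"):]
    parts = [p.strip() for p in value.split(";") if p.strip()]
    if not parts or "=" not in parts[0]:
        raise ValueError("not a Set-Cookie header: %r" % header_line)
    name = parts[0].split("=", 1)[0].strip()
    # Attribute names are case-insensitive; flags such as HttpOnly carry no value.
    attrs = {p.split("=", 1)[0].strip().lower() for p in parts[1:]}
    return name, attrs


def audit_cookies(header_lines, required=("httponly", "secure")):
    """Map each cookie name to the required attributes it is missing."""
    findings = {}
    for line in header_lines:
        name, attrs = parse_set_cookie(line)
        missing = [a for a in required if a not in attrs]
        if missing:
            findings[name] = missing
    return findings


# Sample input: the header the scan flagged and the header the post asks for.
SAMPLE_FLAGGED = "Set-Cookie: redirect_to=%252F; Path=/"
SAMPLE_DESIRED = "Set-Cookie: redirect_to=%252F; Path=/; HttpOnly"

if __name__ == "__main__":
    for line in (SAMPLE_FLAGGED, SAMPLE_DESIRED):
        print(line, "->", audit_cookies([line]) or "ok")
```

Feeding it the `Set-Cookie` lines captured from a real response (for example from saved `curl -sI` output) shows whether each cookie carries the attributes the scan expects.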