From a0294101034575fa194f5f6c65ff80cedef0421e Mon Sep 17 00:00:00 2001
From: Markus Strehle <11627201+strehle@users.noreply.github.com>
Date: Mon, 2 Jun 2025 21:30:40 +0200
Subject: [PATCH] Potential fix for code scanning alert no. 43: Failure to use secure cookies

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
---
 .../org/cloudfoundry/identity/uaa/login/LoginInfoEndpoint.java | 1 +
 1 file changed, 1 insertion(+)

diff --git a/server/src/main/java/org/cloudfoundry/identity/uaa/login/LoginInfoEndpoint.java b/server/src/main/java/org/cloudfoundry/identity/uaa/login/LoginInfoEndpoint.java
index e127c744e15..f983a42cdb2 100755
--- a/server/src/main/java/org/cloudfoundry/identity/uaa/login/LoginInfoEndpoint.java
+++ b/server/src/main/java/org/cloudfoundry/identity/uaa/login/LoginInfoEndpoint.java
@@ -627,6 +627,7 @@ public String deleteSavedAccount(HttpServletRequest request, HttpServletResponse
 Cookie cookie = new Cookie("Saved-Account-%s".formatted(userId), "");
 cookie.setMaxAge(0);
 cookie.setPath(request.getContextPath() + "/login");
+ cookie.setSecure(true);
 response.addCookie(cookie);
 return "redirect:/login";
 }
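Review bot: The hard-coded `cookie.setSecure(true)` makes this expiry cookie ineffective wherever the browser reaches `/login` over plain HTTP, because current browsers discard a `Set-Cookie` that carries `Secure` from an insecure origin, so the saved account would silently stay in place. Since the cookie has an empty value and `setMaxAge(0)`, the flag protects no data here; the scanner finding matters more where the `Saved-Account-*` cookie is written with a value, which is outside this hunk and should be checked for the same attribute. Either document the HTTPS-only assumption with a comment such as `// Secure is unconditional: this endpoint is expected to be served over HTTPS only`, or derive the flag from the same setting the creating code uses. A test asserting the attributes of the response cookie would pin the chosen behaviour. The body of deleteSavedAccount starts above the hunk, so how `userId` is obtained and validated before it is formatted into the cookie name is not visible here.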