Secure cookie configuration

Hej guys

did a penetration test of my instance. It told there is a risk due to unsecure cookie which could be hijacked by XSS attack. I would like to pretend this risk by adding a line of code into nginx config. But I cannot find it as I use the docker installation.

Is someone out there who can give me a hint where to find the nginx config? In /etc/nginx/site-available is no discourse config used by nginx.

Any hint appreciated.

Kind regards

1 Like