Make the ui_lang & accepts-cookies preference cookies Secure

[brionmario]

Purpose

This pull request includes several changes aimed at enhancing the security of cookies by making them secure. The changes span across multiple files and involve adding the Secure attribute to cookies and updating related functions to support additional options for cookies.

Security Enhancements:

• .changeset/cyan-cheetahs-warn.md: Documented the changes as patch updates for several packages and specified making the ui_lang & accepts-cookies preference cookies Secure.

• apps/myaccount/src/components/shared/header.tsx: Updated the setCookie function call to include the secure option.

• apps/myaccount/src/layouts/dashboard.tsx: Updated the setCookie function call to include the secure option.

• identity-apps-core/apps/authentication-portal/src/main/webapp/includes/footer.jsp: Added the Secure attribute to the cookie consent clear function.

• identity-apps-core/apps/authentication-portal/src/main/webapp/includes/language-switcher.jsp: Modified the setCookie function to accept additional options (httpOnly and secure) and updated the function implementation accordingly.

• identity-apps-core/apps/recovery-portal/src/main/webapp/includes/footer.jsp: Added the Secure attribute to the cookie consent clear function.

• identity-apps-core/apps/recovery-portal/src/main/webapp/includes/language-switcher.jsp: Modified the setCookie function to accept additional options (httpOnly and secure) and updated the function implementation accordingly. [1] [2]

• identity-apps-core/apps/x509-certificate-authentication-portal/src/main/webapp/includes/footer.jsp: Added the Secure attribute to the cookie consent clear function.

• identity-apps-core/apps/x509-certificate-authentication-portal/src/main/webapp/includes/language-switcher.jsp: Modified the setCookie function to accept additional options (httpOnly and secure) and updated the function implementation accordingly.

• modules/core/src/utils/__tests__/cookie-storage-utils.test.ts: Added a test case to verify that the setCookie function correctly sets cookies with HttpOnly and Secure options.

• modules/core/src/utils/storage-utils.ts: Updated the setCookie function in CookieStorageUtils to accept additional options (httpOnly and secure) and updated the function implementation accordingly. [1] [2] [3]

• modules/react-components/src/components/banner/cookie-consent-banner.tsx: Updated the setCookie function call to include the secure option.

Related Issues

• IS 7.0 Cookie Consent Banner does not work with Second-Level domains and missing 'Secure' Flag. product-is#22831

Related PRs

• N/A

Checklist

• e2e cypress tests locally verified. (for internal contributers)
• Manual test round performed and verified.
• UX/UI review done on the final implementation.
• Documentation provided. (Add links if there are any)
• Relevant backend changes deployed and verified
• Unit tests provided. (Add links if there are any)
• Integration tests provided. (Add links if there are any)

Security checks

• Followed secure coding standards in http://wso2.com/technical-reports/wso2-secure-engineering-guidelines
• Ran FindSecurityBugs plugin and verified report
• Confirmed that this PR doesn't commit any keys, passwords, tokens, usernames, or other secrets

[pavinduLakshan]

Do we still need to avoid const since es6 is widely supported?

https://caniuse.com/?search=es6

[pavinduLakshan]

if we set ui_lang to secure, js logic will fail to read the cookie, won't it?

https://github.com/brionmario/identity-apps/blob/master/identity-apps-core/apps/recovery-portal/src/main/webapp/includes/language-switcher.jsp#L43

[codecov]

Codecov Report

Attention: Patch coverage is 80.00000% with 1 line in your changes missing coverage. Please review.

Project coverage is 41.85%. Comparing base (07703d3) to head (b53a2f5).
Report is 45 commits behind head on master.

Files with missing lines	Patch %	Lines
modules/core/src/utils/storage-utils.ts	80.00%	1 Missing ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##           master    #7541      +/-   ##
==========================================
+ Coverage   41.77%   41.85%   +0.07%     
==========================================
  Files          42       42              
  Lines         936      939       +3     
  Branches      235      238       +3     
==========================================
+ Hits          391      393       +2     
- Misses        501      502       +1     
  Partials       44       44              

Flag	Coverage Δ
@wso2is/core	41.85% <80.00%> (+0.07%)	⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

Files with missing lines	Coverage Δ
modules/core/src/utils/storage-utils.ts	60.00% <80.00%> (+0.47%)	⬆️