Opendistro 1.10 breaking change - need more information

I am currently using opendistro-security plugins with ELK 7.8.0 and planning to update to the latest 1.13.x plugins. Going through the changelogs of all intermediate releases, I face difficulty in understanding one change in 1.10.

Opendistro version 1.10.0 release notes mention a breaking change in Kibana - and so the upgrade guide suggests adding the following parameter in kibana.yml when upgrading from previous versions - false

The change was made in this commit; however, since the mentioned issue link is broken now, I can’t understand the reason for the change.

  1. Can the correct issue link be shared where this change (& its reason) is explained?
  2. Does this change mean that:
    if Kibana runs on HTTP, the parameter should be set to false and
    if Kibana runs on HTTPS, the parameter should be set to true?
  3. What would be the default value of if not set in kibana.yml?

Any pointers would be appreciated.

Any updates on the above query? Thanks!

@shivani setting is used to instruct the security plugin whether to send the cookie over an unencrypted network or not.

In other words, if is set to true, the cookie will only be sent if TLS is used (i.e. Kibana is set up with HTTPS).

Default is false.

Hope this helps