A flaw was found in Ansible. Sensitive Cookies without Security Flags over non-encrypted channels may lead to Man-in-the-Middle (MitM) and Cross-site Scripting (XSS). 

Flags such as "Set-Cookie: EXAMPLE=AAAABBBBCCCCDDDDAAAABBBCCC; path=/; HttpOnly; Secure;
SameSite=[Strict or Lax];" are required to mitigate this issue.