Thanks for this post, we are currently looking into this issue and a solution in order to have the most secure behavior by default.