Set `HttpOnly` flag on cookies

Christopher C. Wells 2021-09-16 19:37:04 -07:00
parent 0e6a5cb08a
commit c8d48945f2
1 changed files with 2 additions and 0 deletions


@ -240,9 +240,11 @@ if os.environ.get('SECURE_PROXY_SSL_HEADER'):
SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https')
# https://docs.djangoproject.com/en/3.2/topics/http/sessions/#settings
SESSION_COOKIE_HTTPONLY = True
SESSION_COOKIE_SECURE = True
# https://docs.djangoproject.com/en/3.2/ref/csrf/#settings
CSRF_COOKIE_HTTPONLY = True
CSRF_COOKIE_SECURE = True
# https://docs.djangoproject.com/en/3.2/topics/auth/passwords/