Set `HttpOnly` flag on cookies

This commit is contained in:
Christopher C. Wells 2021-09-16 19:37:04 -07:00
parent 0e6a5cb08a
commit c8d48945f2
1 changed files with 2 additions and 0 deletions

View File

@ -240,9 +240,11 @@ if os.environ.get('SECURE_PROXY_SSL_HEADER'):
SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https') SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https')
# https://docs.djangoproject.com/en/3.2/topics/http/sessions/#settings # https://docs.djangoproject.com/en/3.2/topics/http/sessions/#settings
SESSION_COOKIE_HTTPONLY = True
SESSION_COOKIE_SECURE = True SESSION_COOKIE_SECURE = True
# https://docs.djangoproject.com/en/3.2/ref/csrf/#settings # https://docs.djangoproject.com/en/3.2/ref/csrf/#settings
CSRF_COOKIE_HTTPONLY = True
CSRF_COOKIE_SECURE = True CSRF_COOKIE_SECURE = True
# https://docs.djangoproject.com/en/3.2/topics/auth/passwords/ # https://docs.djangoproject.com/en/3.2/topics/auth/passwords/