mirror of https://github.com/snachodog/mybuddy.git
Set `HttpOnly` flag on cookies
parent
0e6a5cb08a
commit
c8d48945f2
|
@ -240,9 +240,11 @@ if os.environ.get('SECURE_PROXY_SSL_HEADER'):
|
||||||
SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https')
|
SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https')
|
||||||
|
|
||||||
# https://docs.djangoproject.com/en/3.2/topics/http/sessions/#settings
|
# https://docs.djangoproject.com/en/3.2/topics/http/sessions/#settings
|
||||||
|
SESSION_COOKIE_HTTPONLY = True
|
||||||
SESSION_COOKIE_SECURE = True
|
SESSION_COOKIE_SECURE = True
|
||||||
|
|
||||||
# https://docs.djangoproject.com/en/3.2/ref/csrf/#settings
|
# https://docs.djangoproject.com/en/3.2/ref/csrf/#settings
|
||||||
|
CSRF_COOKIE_HTTPONLY = True
|
||||||
CSRF_COOKIE_SECURE = True
|
CSRF_COOKIE_SECURE = True
|
||||||
|
|
||||||
# https://docs.djangoproject.com/en/3.2/topics/auth/passwords/
|
# https://docs.djangoproject.com/en/3.2/topics/auth/passwords/
|
||||||
|
|
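Review bot: `CSRF_COOKIE_HTTPONLY = True` hides the CSRF cookie from JavaScript, so any client-side code that reads it to send the `X-CSRFToken` header will stop working and must take the token from a rendered `{% csrf_token %}` input instead. Nothing on this page shows whether the project's scripts rely on the cookie, so that is worth checking before merge. Django's documentation also notes that this setting offers no practical protection, because the CSRF token guards against cross-site requests rather than against script access. `SESSION_COOKIE_HTTPONLY = True` restates Django's default, which is fine as explicit hardening; a comment above it would record the intent, for example `# Django default; set explicitly so a later change is visible in review`.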