From d9f6c44f59ebdce4a501913cdbe0ff531157661e Mon Sep 17 00:00:00 2001
From: "Christopher C. Wells"
Date: Sat, 31 Jul 2021 05:35:50 -0700
Subject: [PATCH] Add secure attribute to cookies
---
 babybuddy/settings/base.py | 7 +++++++
 1 file changed, 7 insertions(+)
diff --git a/babybuddy/settings/base.py b/babybuddy/settings/base.py
index d90b3be5..4d0122a1 100644
--- a/babybuddy/settings/base.py
+++ b/babybuddy/settings/base.py
@@ -269,6 +269,13 @@ AXES_FAILURE_LIMIT = 5
 ROLLING_SESSION_REFRESH = 86400
+# Security
+# See https://docs.djangoproject.com/en/3.2/topics/http/sessions/#settings
+# See https://docs.djangoproject.com/en/3.2/ref/csrf/#settings
+
+SESSION_COOKIE_SECURE = True
+CSRF_COOKIE_SECURE = True
+
 # Set default auto field for models.
 # See https://docs.djangoproject.com/en/3.2/releases/3.2/#customizing-type-of-auto-created-primary-keys
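Review bot: `SESSION_COOKIE_SECURE = True` and `CSRF_COOKIE_SECURE = True` are set unconditionally in `base.py`, so every settings module that builds on it inherits them, including any used for local development or an install served over plain HTTP. Browsers do not store or return Secure cookies on an HTTP origin, so on such a deployment the session would not persist and form posts would fail CSRF verification. If HTTP installs are supported, consider overriding both to `False` in the development settings or reading them from deployment configuration; whether such an override already exists is not visible in this hunk. The `# Security` comment could also state the requirement, e.g. `# Requires HTTPS: browsers withhold Secure cookies on plain-HTTP requests.`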