Skip to content

Commit

Permalink
Enable the secure flag by default for the session cookie
Browse files Browse the repository at this point in the history
  • Loading branch information
@danniel
danniel committed Jan 16, 2025
1 parent 3869688 commit 99e14cf
Show file tree
Hide file tree
Showing 2 changed files with 3 additions and 0 deletions.
2 changes: 2 additions & 0 deletions backend/redirectioneaza/settings/base.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -33,6 +33,8 @@
CSRF_HEADER_NAME = "HTTP_X_XSRF_TOKEN"
CSRF_COOKIE_NAME = "XSRF-TOKEN"

SESSION_COOKIE_SECURE = env.bool("SESSION_COOKIE_SECURE")

CORS_ALLOWED_ORIGINS = env.list("CORS_ALLOWED_ORIGINS")
CORS_ALLOW_ALL_ORIGINS = env.bool("CORS_ALLOW_ALL_ORIGINS")

Expand Down
1 change: 1 addition & 0 deletions backend/redirectioneaza/settings/environment.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -12,6 +12,7 @@
ENVIRONMENT=(str, "production"),
DATA_UPLOAD_MAX_NUMBER_FIELDS=(int, 1000),
OLD_SESSION_KEY=(str, ""),
SESSION_COOKIE_SECURE=(bool, True),
LOG_LEVEL=(str, "WARNING"),
ENABLE_CACHE=(bool, True),
ENABLE_FORMS_DOWNLOAD=(bool, True),
Expand Down

0 comments on commit 99e14cf

Please sign in to comment.