debian: set CSRF_COOKIE_HTTPONLY by default (#21030)
parent
c74241d420
commit
8e230861e6
|
@ -200,6 +200,7 @@ else:
|
|||
|
||||
# Browsers may ensure that cookies are only sent under an HTTPS connection
|
||||
CSRF_COOKIE_SECURE = True
|
||||
CSRF_COOKIE_HTTPONLY = True
|
||||
SESSION_COOKIE_SECURE = True
|
||||
SESSION_EXPIRE_AT_BROWSER_CLOSE = True
|
||||
SESSION_COOKIE_AGE = 36000 # 10h
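Review bot: The new `CSRF_COOKIE_HTTPONLY = True` sits under the existing comment about cookies only being sent over HTTPS, which describes the `Secure` flag rather than `HttpOnly`, so the added line is effectively undocumented. It deserves its own comment, for example `# Hide the CSRF cookie from JavaScript; client code must take the token from the rendered page, not document.cookie`. Django's documentation notes that this flag adds little practical protection on its own, because script running in the same origin can still obtain the token from the DOM, and that AJAX code reading the `csrftoken` cookie stops working once it is set; it is worth confirming the front end does not depend on that before making this the Debian default. The enclosing `else:` branch begins outside the hunk, so the deployment mode these defaults apply to is not visible here.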
|
||||
|
|