debian: set CSRF_COOKIE_HTTPONLY by default (#21030)

Frédéric Péters 2018-01-07 12:31:48 +01:00
parent c74241d420
commit 8e230861e6
1 changed files with 1 additions and 0 deletions


@ -200,6 +200,7 @@ else:
# Browsers may ensure that cookies are only sent under an HTTPS connection
CSRF_COOKIE_SECURE = True
CSRF_COOKIE_HTTPONLY = True
SESSION_COOKIE_SECURE = True
SESSION_EXPIRE_AT_BROWSER_CLOSE = True
SESSION_COOKIE_AGE = 36000 # 10h
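Review bot: The added `CSRF_COOKIE_HTTPONLY = True` lands directly under the comment about cookies being sent only over HTTPS, which describes the Secure flag rather than HttpOnly, so the new default is undocumented and reads as part of the transport setting. I would put it after the two `*_SECURE` lines with its own comment, for example `# Hide the CSRF cookie from JavaScript; AJAX code must read the token from the page (csrfmiddlewaretoken) instead`. That caveat matters for anyone relying on these defaults: once the cookie is HttpOnly, client-side code that reads `csrftoken` from `document.cookie` to set the `X-CSRFToken` header stops working and its POSTs are rejected. Django's own documentation also describes the protection gained from this flag as limited, so the comment should present it as hardening rather than as the CSRF defence itself. The settings sit inside an `else:` branch that starts outside the hunk, so which deployments get this default cannot be confirmed from here.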