Commit ab42decb authored by Fredrik Jonsson

Set COOKIE_SECURE to true in env var to set session and CSRF cookies to...

Set COOKIE_SECURE to true in env var to set session and CSRF cookies to secure, only passed over https. Also added CSRF_COOKIE_SAMESITE example to local.py.example
parent 1a7645bb
...@@ -596,6 +596,10 @@ if env.get('SECURE_BROWSER_XSS_FILTER', 'true').lower().strip() == 'true': ...@@ -596,6 +596,10 @@ if env.get('SECURE_BROWSER_XSS_FILTER', 'true').lower().strip() == 'true':
if env.get('SECURE_CONTENT_TYPE_NOSNIFF', 'true').lower().strip() == 'true': if env.get('SECURE_CONTENT_TYPE_NOSNIFF', 'true').lower().strip() == 'true':
SECURE_CONTENT_TYPE_NOSNIFF = True SECURE_CONTENT_TYPE_NOSNIFF = True
if env.get('COOKIE_SECURE', 'false').lower().strip() == 'true':
SESSION_COOKIE_SECURE = True
CSRF_COOKIE_SECURE = True
# Referrer-policy header settings # Referrer-policy header settings
# https://django-referrer-policy.readthedocs.io/en/1.0/ # https://django-referrer-policy.readthedocs.io/en/1.0/
......
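Review bot: The new COOKIE_SECURE check defaults to 'false', while the SECURE_BROWSER_XSS_FILTER and SECURE_CONTENT_TYPE_NOSNIFF checks directly above it default to 'true', so a deployment that never sets the variable keeps sending the session and CSRF cookies without the Secure flag. Consider defaulting to 'true' and letting plain-HTTP local development opt out with COOKIE_SECURE=false, or at minimum add a comment above the block stating that the variable must be set to true on every HTTPS site. The block also has no comment of its own, unlike the Referrer-policy section that follows it.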
...@@ -25,3 +25,7 @@ CACHES = { ...@@ -25,3 +25,7 @@ CACHES = {
# Enable Wagtail Cache while developing # Enable Wagtail Cache while developing
# WAGTAIL_CACHE = True # WAGTAIL_CACHE = True
# If you have a problem with "CSRF cookie not set".
# CSRF_COOKIE_SAMESITE = None
# SESSION_COOKIE_SAMESITE = None
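Review bot: The comment above CSRF_COOKIE_SAMESITE = None names only the "CSRF cookie not set" symptom, yet the example also changes SESSION_COOKIE_SAMESITE, which neither the comment nor the commit message mentions. Say in the comment what the two lines relax (the SameSite restriction on the CSRF and session cookies) and that they are meant for local development only, so they are not copied into a production local.py; if the session line is not needed to resolve the stated problem, drop it from the example.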