Unverified commit d8509a05, authored by Fredrik Jonsson, committed by GitHub

Merge pull request #1521 from OpenTechFund/fix/cookie-security

Set COOKIE_SECURE to true in env var to set session and CSRF cookies …
parents 5315785d ab42decb
...@@ -599,6 +599,10 @@ if env.get('SECURE_BROWSER_XSS_FILTER', 'true').lower().strip() == 'true': ...@@ -599,6 +599,10 @@ if env.get('SECURE_BROWSER_XSS_FILTER', 'true').lower().strip() == 'true':
if env.get('SECURE_CONTENT_TYPE_NOSNIFF', 'true').lower().strip() == 'true': if env.get('SECURE_CONTENT_TYPE_NOSNIFF', 'true').lower().strip() == 'true':
SECURE_CONTENT_TYPE_NOSNIFF = True SECURE_CONTENT_TYPE_NOSNIFF = True
if env.get('COOKIE_SECURE', 'false').lower().strip() == 'true':
SESSION_COOKIE_SECURE = True
CSRF_COOKIE_SECURE = True
# Referrer-policy header settings # Referrer-policy header settings
# https://django-referrer-policy.readthedocs.io/en/1.0/ # https://django-referrer-policy.readthedocs.io/en/1.0/
......
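Review bot: `COOKIE_SECURE` defaults to 'false' in `env.get('COOKIE_SECURE', 'false')`, while the neighbouring `SECURE_BROWSER_XSS_FILTER` and `SECURE_CONTENT_TYPE_NOSNIFF` checks default to 'true', so a deployment that never sets the variable keeps issuing session and CSRF cookies without the Secure flag. Consider defaulting to 'true' in the production settings, or at least documenting the variable alongside the other deployment env vars so HTTPS deployments do not miss it.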
...@@ -25,3 +25,7 @@ CACHES = { ...@@ -25,3 +25,7 @@ CACHES = {
# Enable Wagtail Cache while developing # Enable Wagtail Cache while developing
# WAGTAIL_CACHE = True # WAGTAIL_CACHE = True
# If you have a problem with "CSRF cookie not set".
# CSRF_COOKIE_SAMESITE = None
# SESSION_COOKIE_SAMESITE = None
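Review bot: the commented hint `# CSRF_COOKIE_SAMESITE = None` / `# SESSION_COOKIE_SAMESITE = None` tells developers to relax SameSite without saying when that is appropriate or that it is meant for local development only. Suggest extending the comment to say so, and noting that `COOKIE_SECURE=true` on a plain-HTTP dev server is another cause of "CSRF cookie not set", since browsers do not send Secure cookies back over HTTP.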