repos
/
website
1
Fork 0
Code Issues 1 Pull Requests 26 Activity

Set CSRF cookie as httpOnly

This commit is contained in:
Jake Howard 2024-01-05 15:59:23 +00:00
parent 307cd7fe26
commit 166441b3e3
Signed by: jake
GPG Key ID: 57AFB45680EDD477
1 changed files with 0 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
website/settings.py
View File

@ -398,9 +398,6 @@ SESSION_COOKIE_AGE = 2419200 # About a month
CSRF_COOKIE_SECURE = not DEBUG
SESSION_COOKIE_HTTPONLY = True
# https://github.com/wagtail/wagtail-autocomplete/issues/149
CSRF_COOKIE_HTTPONLY = False
SECURE_PROXY_SSL_HEADER = ("HTTP_X_FORWARDED_PROTO", "https")
PERMISSIONS_POLICY: dict[str, list] = {