From 166441b3e3ab2cf1fd9ad2f24321db7f85cf7e77 Mon Sep 17 00:00:00 2001
From: Jake Howard
Date: Fri, 5 Jan 2024 15:59:23 +0000
Subject: [PATCH] Set CSRF cookie as httpOnly
---
 website/settings.py | 3 ---
 1 file changed, 3 deletions(-)
diff --git a/website/settings.py b/website/settings.py
index 34e8dea..5b944ea 100644
--- a/website/settings.py
+++ b/website/settings.py
@@ -398,9 +398,6 @@ SESSION_COOKIE_AGE = 2419200 # About a month
 CSRF_COOKIE_SECURE = not DEBUG
 SESSION_COOKIE_HTTPONLY = True
-# https://github.com/wagtail/wagtail-autocomplete/issues/149
-CSRF_COOKIE_HTTPONLY = False
-
 SECURE_PROXY_SSL_HEADER = ("HTTP_X_FORWARDED_PROTO", "https")
 PERMISSIONS_POLICY: dict[str, list] = {
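Review bot: The CSRF cookie will still be issued without the HttpOnly flag after this hunk, because deleting `CSRF_COOKIE_HTTPONLY = False` from website/settings.py falls back to Django's default for that setting, which is also `False`, unless the value is overridden somewhere outside the lines shown. To match the subject line, the removed assignment would need to be replaced with `CSRF_COOKIE_HTTPONLY = True` rather than dropped. The deleted comment cited a wagtail-autocomplete issue as the reason for the explicit `False`, so before flipping the flag it is worth confirming that any front-end code which read the token from the cookie now takes it from the rendered page instead. Inspecting the `Set-Cookie` header for the CSRF cookie on a deployed response would confirm the effective value.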