From a4471a49eec5b38e33aed269bdc19e6ae1173d91 Mon Sep 17 00:00:00 2001
From: Jake Howard
Date: Thu, 25 Aug 2022 23:16:20 +0100
Subject: [PATCH] Store cookies securely
---
 website/settings.py | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/website/settings.py b/website/settings.py
index 5bef242..68fead9 100644
--- a/website/settings.py
+++ b/website/settings.py
@@ -277,6 +277,11 @@ SECURE_CONTENT_TYPE_NOSNIFF = True
 X_FRAME_OPTIONS = "DENY"
 SECURE_REFERRER_POLICY = "same-origin"
+SESSION_COOKIE_SECURE = not DEBUG
+CSRF_COOKIE_SECURE = not DEBUG
+CSRF_COOKIE_HTTPONLY = True
+SESSION_COOKIE_HTTPONLY = True
+
 SECURE_PROXY_SSL_HEADER = ("HTTP_X_FORWARDED_PROTO", "https")
 if not DEBUG: