Unset HttpOnly for CSRF cookie

This commit is contained in:
Jake Howard 2023-04-16 16:44:21 +01:00
parent bc95a8ea21
commit dde014860a
Signed by: jake
GPG key ID: 57AFB45680EDD477

View file

@ -396,9 +396,11 @@ SECURE_REFERRER_POLICY = "same-origin"
SESSION_COOKIE_SECURE = not DEBUG SESSION_COOKIE_SECURE = not DEBUG
SESSION_COOKIE_AGE = 2419200 # About a month SESSION_COOKIE_AGE = 2419200 # About a month
CSRF_COOKIE_SECURE = not DEBUG CSRF_COOKIE_SECURE = not DEBUG
CSRF_COOKIE_HTTPONLY = True
SESSION_COOKIE_HTTPONLY = True SESSION_COOKIE_HTTPONLY = True
# https://github.com/wagtail/wagtail-autocomplete/issues/149
CSRF_COOKIE_HTTPONLY = False
SECURE_PROXY_SSL_HEADER = ("HTTP_X_FORWARDED_PROTO", "https") SECURE_PROXY_SSL_HEADER = ("HTTP_X_FORWARDED_PROTO", "https")
PERMISSIONS_POLICY: dict[str, list] = { PERMISSIONS_POLICY: dict[str, list] = {