Unset HttpOnly for CSRF cookie
parent
bc95a8ea21
commit
dde014860a
1 changed files with 3 additions and 1 deletions
|
@ -396,9 +396,11 @@ SECURE_REFERRER_POLICY = "same-origin"
|
|||
SESSION_COOKIE_SECURE = not DEBUG
|
||||
SESSION_COOKIE_AGE = 2419200 # About a month
|
||||
CSRF_COOKIE_SECURE = not DEBUG
|
||||
CSRF_COOKIE_HTTPONLY = True
|
||||
SESSION_COOKIE_HTTPONLY = True
|
||||
|
||||
# https://github.com/wagtail/wagtail-autocomplete/issues/149
|
||||
CSRF_COOKIE_HTTPONLY = False
|
||||
|
||||
SECURE_PROXY_SSL_HEADER = ("HTTP_X_FORWARDED_PROTO", "https")
|
||||
|
||||
PERMISSIONS_POLICY: dict[str, list] = {
|
||||
|
|
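Review bot: The comment above `CSRF_COOKIE_HTTPONLY = False` is only a URL, so a reader of the settings file cannot tell why a cookie flag was relaxed or when it can be turned back on. I would state the reason in the file, for example `# wagtail-autocomplete reads the CSRF token from the cookie in JavaScript, so the cookie cannot be HttpOnly; revisit once the linked issue is fixed.` (the reason is presumed from the linked issue and should be confirmed). The exposure is limited: script on this origin can now read the token, but `SESSION_COOKIE_HTTPONLY = True` and `CSRF_COOKIE_SECURE = not DEBUG` are unchanged, and Django's documentation notes that HttpOnly on the CSRF cookie offers little practical protection. It is still worth confirming that no `CSRF_COOKIE_SAMESITE` override elsewhere in the settings loosens the cookie further; that is not visible in this hunk.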