From bf166b757aa6976bc242341572d62c31c23541f4 Mon Sep 17 00:00:00 2001
From: jvoisin
Date: Sat, 9 May 2020 14:42:28 +0200
Subject: [PATCH] Improve a bit the cookie's hardening
- Samesite for session cookies as well as the remember me ones
- Httponly
---
 cps/__init__.py | 6 ++++++
 1 file changed, 6 insertions(+)
diff --git a/cps/__init__.py b/cps/__init__.py
index 7dd4e11f..6dde0322 100644
--- a/cps/__init__.py
+++ b/cps/__init__.py
@@ -56,6 +56,12 @@ mimetypes.add_type('application/ogg', '.ogg')
 mimetypes.add_type('application/ogg', '.oga')
 app = Flask(__name__)
+app.config.update(
+ SESSION_COOKIE_HTTPONLY=True,
+ SESSION_COOKIE_SAMESITE='Lax',
+ REMEMBER_COOKIE_SAMESITE='Lax',
+)
+
 lm = LoginManager()
 lm.login_view = 'web.login'
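Review bot: The new `app.config.update(...)` block sets HttpOnly and SameSite but leaves the `Secure` attribute unset on both the session and the remember-me cookie, so over a TLS deployment they are still sent on any plain-HTTP request to the same host. Since this app may legitimately run without TLS behind a reverse proxy, the flag cannot be hard-coded, but it should be wired to a deployment setting: `SESSION_COOKIE_SECURE=<CONFIG_FLAG_PLACEHOLDER>,` and `REMEMBER_COOKIE_SECURE=<CONFIG_FLAG_PLACEHOLDER>,` added to the same update call, with a comment such as `# Secure must follow the deployment: only set when the site is served over HTTPS`. Note also that `SESSION_COOKIE_HTTPONLY=True` is already Flask's default (and the remember-me cookie's HttpOnly is left to Flask-Login's default here), so a short comment stating that the line is deliberate documentation of the intended policy would stop a later reader from treating it as a behaviour change; `SESSION_COOKIE_SAMESITE` is only honoured by Flask/Werkzeug versions that know the key, so the project's minimum Flask version should be checked against it.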