Improve a bit the cookie's hardening

- SameSite for session cookies as well as the remember-me ones
- HttpOnly
pull/1368/head
jvoisin 5 years ago
parent 189243a9b0
commit bf166b757a

@ -56,6 +56,12 @@ mimetypes.add_type('application/ogg', '.ogg')
mimetypes.add_type('application/ogg', '.oga') mimetypes.add_type('application/ogg', '.oga')
app = Flask(__name__) app = Flask(__name__)
app.config.update(
SESSION_COOKIE_HTTPONLY=True,
SESSION_COOKIE_SAMESITE='Lax',
REMEMBER_COOKIE_SAMESITE='Lax',
)
lm = LoginManager() lm = LoginManager()
lm.login_view = 'web.login' lm.login_view = 'web.login'
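Review bot: The remember-me cookie gets SameSite in the added `app.config.update(...)` call but not HttpOnly, so the long-lived credential may still be readable from script. `SESSION_COOKIE_HTTPONLY=True` matches Flask's existing default for the session cookie, whereas the remember cookie's HttpOnly default depends on the installed Flask-Login version; I would set it explicitly by adding `REMEMBER_COOKIE_HTTPONLY=True,` to the same call. Neither cookie is marked Secure here; that probably cannot be unconditional if the app is also served over plain HTTP, so a short comment such as `# Secure flag is not set here because plain-HTTP deployments are supported` (to be confirmed) would record that the omission is deliberate.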
