From 65d838be6a4e7133d62b3d8958ca24ee76952529 Mon Sep 17 00:00:00 2001
From: nd <git@notandy.de>
Date: Sat, 30 Jan 2021 22:42:55 +0100
Subject: [PATCH] added CSRF cookie protection

---
 uffd/default_config.cfg | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/uffd/default_config.cfg b/uffd/default_config.cfg
index 6febfc1a..f87d040a 100644
--- a/uffd/default_config.cfg
+++ b/uffd/default_config.cfg
@@ -12,6 +12,11 @@ LDAP_USER_MIN_UID=10000
 LDAP_USER_MAX_UID=18999
 
 SESSION_LIFETIME_SECONDS=3600
+# CSRF protection
+SESSION_COOKIE_SECURE=True
+SESSION_COOKIE_HTTPONLY=True
+SESSION_COOKIE_SAMESITE='Strict'
+
 
 ACL_ADMIN_GROUP="uffd_admin"
 ACL_SELFSERVICE_GROUP="uffd_access"
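Review bot: The comment `# CSRF protection` on the added block overstates what these three settings do; only `SESSION_COOKIE_SAMESITE='Strict'` relates to CSRF, and as a browser-enforced cookie attribute it complements rather than replaces a per-request CSRF token check. `SESSION_COOKIE_HTTPONLY` blocks script access to the cookie (an XSS mitigation), and `SESSION_COOKIE_SECURE=True` makes the browser send the session cookie only over HTTPS, so a deployment served over plain HTTP would presumably lose its session on every request without any visible error. Since `'Strict'` also withholds the cookie on the first request that arrives from another origin, flows that enter via an external redirect may need `'Lax'` instead; this is an inference from the attribute semantics, not from anything in the hunk. I would replace the comment with `# Session cookie hardening: Secure requires HTTPS; HttpOnly limits script access; SameSite=Strict is a partial CSRF defence`.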
-- 
GitLab