added CSRF cookie protection

05579748 · nd · e2c95d42 · 05579748
Verified Commit 05579748 authored Jan 30, 2021 by nd
--- a/default_config.py
+++ b/default_config.py
@@ -8,3 +8,7 @@ OAUTH2_AUTH_URL = 'http://localhost:5001/oauth2/authorize'
 OAUTH2_TOKEN_URL = 'http://localhost:5001/oauth2/token'
 OAUTH2_USERINFO_URL = 'http://localhost:5001/oauth2/userinfo'

+# CSRF protection
+SESSION_COOKIE_SECURE=True
+SESSION_COOKIE_HTTPONLY=True
+SESSION_COOKIE_SAMESITE='Strict'