diff --git a/default_config.py b/default_config.py
index 741533dec1b97be4181a2edd7159ce11a66acb38..4d3d06163730cda9b6e2838fcd5e344d9fee7e7e 100644
--- a/default_config.py
+++ b/default_config.py
@@ -8,3 +8,7 @@ OAUTH2_AUTH_URL = 'http://localhost:5001/oauth2/authorize'
 OAUTH2_TOKEN_URL = 'http://localhost:5001/oauth2/token'
 OAUTH2_USERINFO_URL = 'http://localhost:5001/oauth2/userinfo'
+# CSRF protection
+SESSION_COOKIE_SECURE=True
+SESSION_COOKIE_HTTPONLY=True
+SESSION_COOKIE_SAMESITE='Strict'
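Review bot: `SESSION_COOKIE_SAMESITE='Strict'` withholds the session cookie on the cross-site redirect back from the OAuth2 provider, so if the callback handler checks a `state` value kept in the session (that code is not in this hunk), login will fail once the provider sits on a different site than the app; the localhost defaults above are same-site and will not reveal this. `'Lax'` still keeps the cookie off cross-site POSTs while letting that top-level GET carry it. The `# CSRF protection` comment also overstates what is added: only SameSite bears on CSRF, while Secure and HttpOnly protect the cookie in transit and from script access, and none of the three replaces per-request CSRF tokens on state-changing routes. I would write `# Session cookie hardening (SameSite is CSRF defence in depth, not a substitute for tokens)` and use `NAME = value` spacing to match the lines above.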