From 055797482beaffd02267971388d4d728d0243abf Mon Sep 17 00:00:00 2001
From: nd <git@notandy.de>
Date: Sat, 30 Jan 2021 22:35:41 +0100
Subject: [PATCH] added CSRF cookie protection

---
 default_config.py | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/default_config.py b/default_config.py
index 741533d..4d3d061 100644
--- a/default_config.py
+++ b/default_config.py
@@ -8,3 +8,7 @@ OAUTH2_AUTH_URL = 'http://localhost:5001/oauth2/authorize'
 OAUTH2_TOKEN_URL = 'http://localhost:5001/oauth2/token'
 OAUTH2_USERINFO_URL = 'http://localhost:5001/oauth2/userinfo'
 
+# CSRF protection
+SESSION_COOKIE_SECURE=True
+SESSION_COOKIE_HTTPONLY=True
+SESSION_COOKIE_SAMESITE='Strict'
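Review bot: The header comment `# CSRF protection` over-claims: of the three settings only `SAMESITE` bears on CSRF, `SECURE` and `HTTPONLY` address cookie theft over cleartext and via script, and SameSite alone is not a complete CSRF defence (older browsers ignore it, and same-site subdomains are unaffected), so a per-request CSRF token is still needed for state-changing endpoints. `SameSite='Strict'` also interacts badly with the OAuth2 flow configured just above: when the provider redirects the browser back to this app's callback from another site, the session cookie holding any stored `state`/nonce is withheld and the login cannot complete, which is why `'Lax'` is the usual choice for an OAuth client; in this file the provider is `localhost:5001`, which is same-site with a local app, so the breakage would only surface once the provider lives on another host. `SESSION_COOKIE_SECURE=True` next to `http://` provider URLs suggests a development setup where the app itself may be served over plain HTTP, in which case the browser will never return the session cookie at all; if this file is the development default, that setting should be overridden per environment. I would replace the comment with `# Session-cookie hardening: Secure/HttpOnly limit theft; SameSite only partly mitigates CSRF — use 'Lax' for OAuth callbacks and keep a CSRF token`, and add spaces around `=` to match the rest of the file.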
-- 
GitLab