From 055797482beaffd02267971388d4d728d0243abf Mon Sep 17 00:00:00 2001
From: nd <git@notandy.de>
Date: Sat, 30 Jan 2021 22:35:41 +0100
Subject: [PATCH] added CSRF cookie protection

---
 default_config.py | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/default_config.py b/default_config.py
index 741533d..4d3d061 100644
--- a/default_config.py
+++ b/default_config.py
@@ -8,3 +8,7 @@ OAUTH2_AUTH_URL = 'http://localhost:5001/oauth2/authorize'
 OAUTH2_TOKEN_URL = 'http://localhost:5001/oauth2/token'
 OAUTH2_USERINFO_URL = 'http://localhost:5001/oauth2/userinfo'
+# CSRF protection
+SESSION_COOKIE_SECURE=True
+SESSION_COOKIE_HTTPONLY=True
+SESSION_COOKIE_SAMESITE='Strict'
--
GitLab
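Review bot: The `# CSRF protection` comment oversells the three settings below it: only `SESSION_COOKIE_SAMESITE` bears on CSRF, `SESSION_COOKIE_SECURE` and `SESSION_COOKIE_HTTPONLY` guard the cookie against plaintext transport and script access, and none of them replaces a per-request CSRF token on state-changing forms, so the comment should say what each line actually does. `'Strict'` also withholds the session cookie on the top-level redirect back from an authorization server on a different site, so if the production OAuth2 endpoints are not same-site with this app (the `localhost:5001` defaults in the context lines are, since the port is not part of the site), the callback will see an empty session and any state check stored there will fail; `'Lax'` keeps the cookie on that GET redirect while still withholding it from cross-site POSTs. `SESSION_COOKIE_SECURE=True` next to plain-`http` defaults means the cookie is only sent by browsers that treat `localhost` as a secure context, which deserves a one-line comment for local setups. Finally, match the spacing of the surrounding assignments: `SESSION_COOKIE_SECURE = True`, `SESSION_COOKIE_HTTPONLY = True`, `SESSION_COOKIE_SAMESITE = 'Lax'  # Lax survives the cross-site OAuth2 callback redirect; Strict does not`.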