reorganize cookie settings and make them always secure

2017-12-14 23:01:49 +01:00 · 2017-12-14 23:01:49 +01:00 · a2987cfbb3
commit a2987cfbb3
parent 8b27084335
2 changed files with 12 additions and 6 deletions
--- a/src/c3nav/mapdata/views.py
+++ b/src/c3nav/mapdata/views.py
@ -24,7 +24,9 @@ def set_tile_access_cookie(request, response):
    if access_permissions:
        cookie = build_tile_access_cookie(access_permissions, settings.SECRET_TILE_KEY)
        response.set_cookie(settings.TILE_ACCESS_COOKIE_NAME, cookie, max_age=60,
-                            domain=settings.TILE_ACCESS_COOKIE_DOMAIN)
+                            domain=settings.TILE_ACCESS_COOKIE_DOMAIN,
+                            httponly=settings.TILE_ACCESS_COOKIE_HTTPONLY,
+                            secure=settings.TILE_ACCESS_COOKIE_SECURE)
    else:
        response.delete_cookie(settings.TILE_ACCESS_COOKIE_NAME)
    response['Cache-Control'] = 'no-cache'