secure csrf cookie

2017-12-14 23:08:00 +01:00 · 2017-12-14 23:08:00 +01:00 · e2bf950023
commit e2bf950023
parent a2987cfbb3
1 changed files with 2 additions and 0 deletions
--- a/src/c3nav/settings.py
+++ b/src/c3nav/settings.py
@ -169,7 +169,9 @@ SESSION_COOKIE_HTTPONLY = True
 SESSION_COOKIE_SECURE = not DEBUG

 LANGUAGE_COOKIE_NAME = 'c3nav_language'
+
 CSRF_COOKIE_NAME = 'c3nav_csrftoken'
+CSRF_COOKIE_SECURE = not DEBUG

 TILE_ACCESS_COOKIE_NAME = 'c3nav_tile_access'
 TILE_ACCESS_COOKIE_DOMAIN = config.get('c3nav', 'tile_access_cookie_domain', fallback=None)