Improve a bit the cookie's hardening

- Samesite for session cookies as well as the remember me ones
- Httponly
This commit is contained in:
jvoisin 2020-05-09 14:42:28 +02:00
parent 189243a9b0
commit bf166b757a

View File

@ -56,6 +56,12 @@ mimetypes.add_type('application/ogg', '.ogg')
mimetypes.add_type('application/ogg', '.oga')
app = Flask(__name__)
app.config.update(
SESSION_COOKIE_HTTPONLY=True,
SESSION_COOKIE_SAMESITE='Lax',
REMEMBER_COOKIE_SAMESITE='Lax',
)
lm = LoginManager()
lm.login_view = 'web.login'