Improve a bit the cookie's hardening

- Samesite for session cookies as well as the remember me ones - Httponly
2020-05-09 14:42:28 +02:00 · 2020-05-09 14:42:28 +02:00 · bf166b757a
commit bf166b757a
parent 189243a9b0
1 changed files with 6 additions and 0 deletions
--- a/cps/init.py
+++ b/cps/init.py
@ -56,6 +56,12 @@ mimetypes.add_type('application/ogg', '.ogg')
 mimetypes.add_type('application/ogg', '.oga')

 app = Flask(__name__)
+app.config.update(
+    SESSION_COOKIE_HTTPONLY=True,
+    SESSION_COOKIE_SAMESITE='Lax',
+    REMEMBER_COOKIE_SAMESITE='Lax',
+)
+

 lm = LoginManager()
 lm.login_view = 'web.login'