NunoSempere/calibre-web
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Improve a bit the cookie's hardening

Browse Source 
- Samesite for session cookies as well as the remember me ones
- Httponly
This commit is contained in:
jvoisin 2020-05-09 14:42:28 +02:00
parent 189243a9b0
commit bf166b757a
1 changed files with 6 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
cps/__init__.py
View File

@ -56,6 +56,12 @@ mimetypes.add_type('application/ogg', '.ogg')
mimetypes.add_type('application/ogg', '.oga') mimetypes.add_type('application/ogg', '.oga')
app = Flask(__name__) app = Flask(__name__)
app.config.update(
SESSION_COOKIE_HTTPONLY=True,
SESSION_COOKIE_SAMESITE='Lax',
REMEMBER_COOKIE_SAMESITE='Lax',
)
lm = LoginManager() lm = LoginManager()
lm.login_view = 'web.login' lm.login_view = 'web.login'