author | Jelle van der Waa <jelle@vdwaa.nl> | 2019-02-05 21:56:29 +0100 |
committer | Jelle van der Waa <jelle@vdwaa.nl> | 2019-02-05 21:56:29 +0100 |
commit | 40d5fc5db4cd116ac9ed5e071eacbc1c753030c5 (patch) | |
tree | ae3d7a1e187bbbdb178113383d43f4a3cf49c8f0 | |
parent | daf554d29bcfed8bb285d95a345a55b52389d3b3 (diff) | |
settings: harden CRSF cookie's
Harden the CSRF cookies by marking them HttpOnly and Secure.
Closes: #173
-rw-r--r-- | settings.py | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/settings.py b/settings.py
index f5b282c2..a96984c6 100644
--- a/settings.py
+++ b/settings.py
@@ -79,6 +79,10 @@ MESSAGE_STORAGE = 'django.contrib.messages.storage.session.SessionStorage'
 SESSION_ENGINE = 'django.contrib.sessions.backends.cached_db'
 SESSION_COOKIE_HTTPONLY = True
+# CRSF cookie
+CSRF_COOKIE_SECURE = True
+CSRF_COOKIE_HTTPONLY = True
+
 # Clickjacking protection
 X_FRAME_OPTIONS = 'DENY' |
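Review bot: The added comment `# CRSF cookie` misspells the acronym and should read `# CSRF cookie` (the commit title carries the same typo). `CSRF_COOKIE_HTTPONLY = True` also stops client-side JavaScript from reading the csrftoken cookie, so any AJAX code in the project that follows the read-the-cookie pattern will have to take the token from the csrf_token template tag or a hidden form field instead; if no such code exists this is harmless, but a sentence noting it in the comment would save the next maintainer a debugging session. `CSRF_COOKIE_SECURE = True` means the cookie is only sent over HTTPS, so form POSTs against a plain-HTTP deployment such as a local dev server will fail CSRF validation unless a local settings override turns it back off. The hunk shows SESSION_COOKIE_HTTPONLY but no SESSION_COOKIE_SECURE; presumably it is set elsewhere, otherwise it belongs next to these two for consistency.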