From 40d5fc5db4cd116ac9ed5e071eacbc1c753030c5 Mon Sep 17 00:00:00 2001
From: Jelle van der Waa
Date: Tue, 5 Feb 2019 21:56:29 +0100
Subject: settings: harden CRSF cookie's

Harden the CSRF cookie's by allowing them HTTP ONLY and marking them as secure.

Closes: #173
---
 settings.py | 4 ++++
 1 file changed, 4 insertions(+)

(limited to 'settings.py')

diff --git a/settings.py b/settings.py
index f5b282c2..a96984c6 100644
--- a/settings.py
+++ b/settings.py
@@ -79,6 +79,10 @@ MESSAGE_STORAGE = 'django.contrib.messages.storage.session.SessionStorage'
 SESSION_ENGINE = 'django.contrib.sessions.backends.cached_db'
 SESSION_COOKIE_HTTPONLY = True
+# CRSF cookie
+CSRF_COOKIE_SECURE = True
+CSRF_COOKIE_HTTPONLY = True
+
 # Clickjacking protection
 X_FRAME_OPTIONS = 'DENY'
-- 
cgit v1.2.3-55-g3dc8
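Review bot: `CSRF_COOKIE_HTTPONLY = True` on the added line stops JavaScript from reading the token cookie, so any front-end code that pulls `csrftoken` out of `document.cookie` for AJAX requests will start failing CSRF validation; Django's documentation itself notes the flag adds little protection because same-origin script can already obtain the token from `{% csrf_token %}`, so either confirm no such callers exist or switch them to reading the token from the rendered hidden input. `CSRF_COOKIE_SECURE = True` likewise prevents the cookie being sent over plain HTTP, which presumably breaks the development server unless a local settings file overrides it — worth a one-line comment on the added lines saying so. The hunk shows `SESSION_COOKIE_HTTPONLY = True` but not `SESSION_COOKIE_SECURE`; if that is not set elsewhere in settings.py the session cookie deserves the same `Secure` treatment, since it is the more sensitive of the two. The added comment `# CRSF cookie` (and the commit subject) misspells the acronym; `# CSRF cookie` is the intended text.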