Make cookies more secure

2019-09-11 16:43:42 +02:00 · 2019-09-11 16:43:42 +02:00 · b12bcc882d
parent d75732fdcf
commit b12bcc882d
1 changed files with 9 additions and 0 deletions
--- a/app/app.py
+++ b/app/app.py
@ -94,6 +94,15 @@ def register_plugins(app: Flask, debug: bool) -> Manager:
    # Load the flask debug toolbar
    toolbar = DebugToolbarExtension(app)

+    # Make cookies more secure
+    app.config.update(
+        SESSION_COOKIE_HTTPONLY=True,
+        SESSION_COOKIE_SAMESITE='Lax',
+    )
+
+    if not app.debug:
+        app.config.update(SESSION_COOKIE_SECURE=True)
+
    return manager