From b12bcc882dc7f5be23fec49fa61ef16f4379fff7 Mon Sep 17 00:00:00 2001
From: redfast00
Date: Wed, 11 Sep 2019 16:43:42 +0200
Subject: [PATCH] Make cookies more secure
---
 app/app.py | 9 +++++++++
 1 file changed, 9 insertions(+)
diff --git a/app/app.py b/app/app.py
index 8e6c063..a861709 100644
--- a/app/app.py
+++ b/app/app.py
@@ -94,6 +94,15 @@ def register_plugins(app: Flask, debug: bool) -> Manager:
 # Load the flask debug toolbar
 toolbar = DebugToolbarExtension(app)
+ # Make cookies more secure
+ app.config.update(
+ SESSION_COOKIE_HTTPONLY=True,
+ SESSION_COOKIE_SAMESITE='Lax',
+ )
+
+ if not app.debug:
+ app.config.update(SESSION_COOKIE_SECURE=True)
+
 return manager
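Review bot: The Secure flag is gated on `app.debug`, although `register_plugins` already receives a `debug` argument, so the cookie policy depends on a second source of truth. If `app.debug` is ever true on a deployed instance, the session cookie silently goes out without Secure and can travel over plain HTTP. Consider writing the value explicitly from the parameter, `app.config.update(SESSION_COOKIE_SECURE=not debug)`, and adding a comment such as `# Secure is off only in debug so the session cookie still works on plain-HTTP localhost`. The body of `register_plugins` starts outside the hunk, so how `debug` and `app.debug` relate could not be checked here.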