settings: harden CRSF cookie's
Harden the CSRF cookies by making them HTTP-only and marking them as secure. Closes: #173
parent
daf554d29b
commit
40d5fc5db4
@ -79,6 +79,10 @@
|
||||
SESSION_ENGINE = 'django.contrib.sessions.backends.cached_db'
|
||||
SESSION_COOKIE_HTTPONLY = True
|
||||
|
||||
# CRSF cookie
|
||||
CSRF_COOKIE_SECURE = True
|
||||
CSRF_COOKIE_HTTPONLY = True
|
||||
|
||||
# Clickjacking protection
|
||||
X_FRAME_OPTIONS = 'DENY'
|
||||
|
||||
|
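Review bot: The CSRF cookie is now marked Secure, but the session cookie just above it only gets `SESSION_COOKIE_HTTPONLY = True`. Unless `SESSION_COOKIE_SECURE = True` is set elsewhere in this settings file (not visible in the hunk), the session identifier, which is the more sensitive of the two cookies, can still be sent over plain HTTP; I would add `SESSION_COOKIE_SECURE = True` next to the existing session settings. `CSRF_COOKIE_HTTPONLY = True` also stops scripts from reading the token out of the cookie, so any AJAX code has to take it from the `{% csrf_token %}` form field instead, and Django's documentation notes that this setting adds little practical protection; it is worth confirming that nothing in the front end reads the cookie. The new comment should read `# CSRF cookie`.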