settings: harden CRSF cookie's
Harden the CSRF cookies by marking them HttpOnly and Secure. Closes: #173
parent
daf554d29b
commit
40d5fc5db4
@ -79,6 +79,10 @@
|
|||||||
SESSION_ENGINE = 'django.contrib.sessions.backends.cached_db'
|
SESSION_ENGINE = 'django.contrib.sessions.backends.cached_db'
|
||||||
SESSION_COOKIE_HTTPONLY = True
|
SESSION_COOKIE_HTTPONLY = True
|
||||||
|
|
||||||
|
# CRSF cookie
|
||||||
|
CSRF_COOKIE_SECURE = True
|
||||||
|
CSRF_COOKIE_HTTPONLY = True
|
||||||
|
|
||||||
# Clickjacking protection
|
# Clickjacking protection
|
||||||
X_FRAME_OPTIONS = 'DENY'
|
X_FRAME_OPTIONS = 'DENY'
|
||||||
|
|
||||||
|
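Review bot: `CSRF_COOKIE_HTTPONLY = True` buys little in Django — the same token is emitted into every rendered form as the `csrfmiddlewaretoken` hidden input, so a script able to read cookies can read the DOM as well — while it does break any front-end code that obtains the token by reading the `csrftoken` cookie for AJAX requests; if such clients exist they must switch to reading a `{% csrf_token %}` hidden field, and either way a comment should record the trade-off. `CSRF_COOKIE_SECURE = True` also means the cookie is never sent over plain HTTP, so local development over http will fail CSRF checks unless this is overridden per environment. The hunk shows `SESSION_COOKIE_HTTPONLY` but not `SESSION_COOKIE_SECURE`; if that is not set elsewhere in this settings module, the session cookie deserves the same `Secure` flag as the CSRF cookie. The added comment carries a typo: `# CRSF cookie` should read `# CSRF cookie`.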