settings: harden CRSF cookie's

Harden the CSRF cookie by marking it HttpOnly and Secure.

Closes: #173
Jelle van der Waa 2019-02-05 21:56:29 +01:00
parent daf554d29b
commit 40d5fc5db4


@ -79,6 +79,10 @@
SESSION_ENGINE = 'django.contrib.sessions.backends.cached_db' SESSION_ENGINE = 'django.contrib.sessions.backends.cached_db'
SESSION_COOKIE_HTTPONLY = True SESSION_COOKIE_HTTPONLY = True
# CRSF cookie
CSRF_COOKIE_SECURE = True
CSRF_COOKIE_HTTPONLY = True
# Clickjacking protection # Clickjacking protection
X_FRAME_OPTIONS = 'DENY' X_FRAME_OPTIONS = 'DENY'
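Review bot: The new `CSRF_COOKIE_HTTPONLY = True` will break any client-side JavaScript that reads the `csrftoken` cookie to populate the `X-CSRFToken` header on AJAX requests, and Django's own documentation notes that HttpOnly on the CSRF cookie adds little protection, because CSRF defends against cross-origin requests rather than same-origin script. If the site has such JavaScript, the token must instead come from the `{% csrf_token %}` hidden input or a `get_token()`-rendered value, so confirm no templates rely on the cookie before enabling this. The `# CRSF cookie` comment misspells the acronym; `# CSRF cookie` would match the setting names below it. Whether `SESSION_COOKIE_SECURE` is set is not visible in this hunk (only `SESSION_COOKIE_HTTPONLY` is); if it is not, the session cookie ends up less protected than the CSRF cookie and should get the same treatment.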