feat: secure CSRF cookie based on frontend URL protocol

2025-07-18 20:39:36 +02:00 · 2025-05-31 17:30:33 -04:00 · 2025-05-31 17:30:33 -04:00 · 806efd71bf
commit 806efd71bf
parent e89f2a947e
1 changed files with 2 additions and 0 deletions
--- a/backend/server/main/settings.py
+++ b/backend/server/main/settings.py
@ -147,6 +147,8 @@ SESSION_COOKIE_SAMESITE = 'Lax'
 SESSION_COOKIE_NAME = 'sessionid'

 SESSION_COOKIE_SECURE = FRONTEND_URL.startswith('https')
+CSRF_COOKIE_SECURE = FRONTEND_URL.startswith('https')
+

 hostname = urlparse(FRONTEND_URL).hostname
 is_ip_address = hostname.replace('.', '').isdigit()