From 806efd71bf6915db1d7fdc12bf27b89eb78cda3d Mon Sep 17 00:00:00 2001
From: Sean Morley
Date: Sat, 31 May 2025 17:30:33 -0400
Subject: [PATCH] feat: secure CSRF cookie based on frontend URL protocol

---
 backend/server/main/settings.py | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/backend/server/main/settings.py b/backend/server/main/settings.py
index 99bd241..b7dccb2 100644
--- a/backend/server/main/settings.py
+++ b/backend/server/main/settings.py
@@ -147,6 +147,8 @@ SESSION_COOKIE_SAMESITE = 'Lax'
 SESSION_COOKIE_NAME = 'sessionid'
 SESSION_COOKIE_SECURE = FRONTEND_URL.startswith('https')
+CSRF_COOKIE_SECURE = FRONTEND_URL.startswith('https')
+
 hostname = urlparse(FRONTEND_URL).hostname
 is_ip_address = hostname.replace('.', '').isdigit()