mirror of https://github.com/seanmorley15/AdventureLog.git synced 2025-07-19 12:59:36 +02:00

feat: secure CSRF cookie based on frontend URL protocol

Sean Morley 2025-05-31 17:30:33 -04:00
parent e89f2a947e
commit 806efd71bf


@ -147,6 +147,8 @@ SESSION_COOKIE_SAMESITE = 'Lax'
SESSION_COOKIE_NAME = 'sessionid' SESSION_COOKIE_NAME = 'sessionid'
SESSION_COOKIE_SECURE = FRONTEND_URL.startswith('https') SESSION_COOKIE_SECURE = FRONTEND_URL.startswith('https')
CSRF_COOKIE_SECURE = FRONTEND_URL.startswith('https')
hostname = urlparse(FRONTEND_URL).hostname hostname = urlparse(FRONTEND_URL).hostname
is_ip_address = hostname.replace('.', '').isdigit() is_ip_address = hostname.replace('.', '').isdigit()
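Review bot: The added `CSRF_COOKIE_SECURE` line reuses the prefix test `FRONTEND_URL.startswith('https')`, which is case-sensitive and accepts any string that merely begins with those characters. A value such as `HTTPS://example.test` (constructed example) would leave both the session and the CSRF cookie without the Secure flag. Because `urlparse(FRONTEND_URL)` is already called on the `hostname` line just below, and `urlparse` lower-cases the scheme, the check could be computed once as `FRONTEND_IS_HTTPS = urlparse(FRONTEND_URL).scheme == 'https'` and assigned to both settings. It would also be worth a comment such as `# Secure flag follows the frontend URL scheme, not the scheme the backend itself is served on`, since the two can presumably differ behind a TLS-terminating proxy.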