cwinfo/powerdns-admin
4
0
Fork 0
mirror of https://github.com/cwinfo/powerdns-admin.git synced 2025-06-14 20:16:05 +00:00
Code Issues Packages Projects Releases Wiki Activity

Set csrf cookie to httponly

Browse Source 
The CSRF token is currently inserted directly in the template and not
in the browser via JavaScript from the cookie, so making it inaccessible
is not a problem.

The Sesson-cookie is already httponly by default [0].

[0] https://flask.palletsprojects.com/en/2.1.x/config/?highlight=session_cookie_httponly#SESSION_COOKIE_HTTPONLY
This commit is contained in:
corubba
2022-05-27 12:53:28 +02:00
parent 3e462dab17
commit ae2ad6527a
2 changed files with 2 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
configs/docker_config.py
View File

@ -2,6 +2,7 @@
BIND_ADDRESS = '0.0.0.0'
PORT = 80
SQLALCHEMY_DATABASE_URI = 'sqlite:////data/powerdns-admin.db'
CSRF_COOKIE_HTTPONLY = True
legal_envvars = (
'SECRET_KEY',