corubba ae2ad6527a Set csrf cookie to httponly ...

The CSRF token is currently inserted directly in the template and not
in the browser via JavaScript from the cookie, so making it inaccessible
is not a problem.

The Sesson-cookie is already httponly by default [0].

[0] https://flask.palletsprojects.com/en/2.1.x/config/?highlight=session_cookie_httponly#SESSION_COOKIE_HTTPONLY

2022-06-18 18:51:42 +02:00

..

lib

feat: Move the account parse calls to a method

2022-06-18 14:30:56 +02:00

models

feat: Move the account parse calls to a method

2022-06-18 14:30:56 +02:00

routes

Fix csrf configuration

2022-06-18 18:51:40 +02:00

services

Use HTTP_X_FORWARDED_PROTO header from reverse proxy to rewrite https:// for SAML request URLs

2022-05-19 19:00:38 -07:00

static

Add general modal functions

2022-05-19 00:53:20 +02:00

templates

feat: Add the extra chars as an option

2022-06-18 14:30:56 +02:00

__init__.py

Fix csrf configuration

2022-06-18 18:51:40 +02:00

assets.py

Add 'otp_force' basic setting (#1051)

2021-12-17 11:41:51 +01:00

decorators.py

enh: Enforce Record Restrictions in API (#1089)

2022-06-18 14:20:49 +02:00

default_config.py

Set csrf cookie to httponly

2022-06-18 18:51:42 +02:00

swagger-spec.yaml

Updated the unknown state

2022-05-23 16:46:11 +00:00