powerdns-admin/powerdnsadmin
corubba ae2ad6527a Set csrf cookie to httponly
The CSRF token is currently inserted directly in the template and not
in the browser via JavaScript from the cookie, so making it inaccessible
is not a problem.

The Session-cookie is already httponly by default [0].

[0] https://flask.palletsprojects.com/en/2.1.x/config/?highlight=session_cookie_httponly#SESSION_COOKIE_HTTPONLY
2022-06-18 18:51:42 +02:00
..
lib feat: Move the account parse calls to a method 2022-06-18 14:30:56 +02:00
models feat: Move the account parse calls to a method 2022-06-18 14:30:56 +02:00
routes Fix csrf configuration 2022-06-18 18:51:40 +02:00
services Use HTTP_X_FORWARDED_PROTO header from reverse proxy to rewrite https:// for SAML request URLs 2022-05-19 19:00:38 -07:00
static Add general modal functions 2022-05-19 00:53:20 +02:00
templates feat: Add the extra chars as an option 2022-06-18 14:30:56 +02:00
__init__.py Fix csrf configuration 2022-06-18 18:51:40 +02:00
assets.py Add 'otp_force' basic setting (#1051) 2021-12-17 11:41:51 +01:00
decorators.py enh: Enforce Record Restrictions in API (#1089) 2022-06-18 14:20:49 +02:00
default_config.py Set csrf cookie to httponly 2022-06-18 18:51:42 +02:00
swagger-spec.yaml Updated the unknown state 2022-05-23 16:46:11 +00:00