ae2ad6527a
The CSRF token is currently inserted directly into the template rather than read from the cookie by JavaScript in the browser, so making the cookie inaccessible to scripts is not a problem. The session cookie is already HttpOnly by default [0]. [0] https://flask.palletsprojects.com/en/2.1.x/config/?highlight=session_cookie_httponly#SESSION_COOKIE_HTTPONLY
import os
import urllib.parse
# Absolute path of the directory holding this config file. In this file it is
# referenced only by the commented-out SQLite URI further down.
basedir = os.path.abspath(os.path.dirname(__file__))

### BASIC APP CONFIG
# NOTE(review): SALT and SECRET_KEY are literals committed with the file, so
# every deployment that keeps them shares values readable by anyone with
# access to the repository. Treat both as placeholders and set unique,
# randomly generated values per deployment.
# SALT is in bcrypt salt format ($2b$, cost 12); where it is consumed is not
# visible in this file.
SALT = "$2b$12$yLUMTIfl21FKJQpTkRQXCu"
# Flask uses SECRET_KEY to sign the session cookie.
SECRET_KEY = "e951e5a1f4b94151b360f47edf596dd2"
# 0.0.0.0 means every network interface; presumably read by the app's own
# server start-up code -- confirm against the caller.
BIND_ADDRESS = "0.0.0.0"
PORT = 9191
# HSTS header is off in this profile; presumably meant to be switched on once
# the app is served over HTTPS -- confirm against the code that reads it.
HSTS_ENABLED = False
OFFLINE_MODE = False
FILESYSTEM_SESSIONS_ENABLED = False
# Marks the CSRF cookie HttpOnly. Per the commit note, the token is rendered
# into the templates and not read from the cookie by JavaScript, so hiding the
# cookie from scripts does not break form submission.
CSRF_COOKIE_HTTPONLY = True

### DATABASE CONFIG
SQLA_DB_USER = "pda"
# Placeholder credential; replace before pointing at a real database.
SQLA_DB_PASSWORD = "changeme"
SQLA_DB_HOST = "127.0.0.1"
SQLA_DB_NAME = "pda"
# Flask-SQLAlchemy option; whether the app relies on modification tracking is
# not visible in this file.
SQLALCHEMY_TRACK_MODIFICATIONS = True

### DATABASE - MySQL
# User and password are percent-encoded so reserved characters (e.g. '@', ':',
# '/') cannot alter the URI structure; host and database name are inserted
# verbatim.
SQLALCHEMY_DATABASE_URI = (
    f"mysql://{urllib.parse.quote_plus(SQLA_DB_USER)}"
    f":{urllib.parse.quote_plus(SQLA_DB_PASSWORD)}"
    f"@{SQLA_DB_HOST}/{SQLA_DB_NAME}"
)

### DATABASE - SQLite
# SQLALCHEMY_DATABASE_URI = 'sqlite:///' + os.path.join(basedir, 'pdns.db')

# SAML Authentication
SAML_ENABLED = False
# Only relevant when SAML_ENABLED is True; presumably requires encrypted
# assertions from the identity provider -- confirm against the SAML code.
SAML_ASSERTION_ENCRYPTED = True