app: send cookies with Secure and SameSite=Lax (#60)
Sending cookies without Secure and without SameSite causes Firefox to ignore or invalidate them, which disconnects accounts seemingly randomly.
parent
e06363715e
commit
a95a88f3b1
|
@ -1,7 +1,7 @@
|
|||
function setCookie(name, value) {
|
||||
var end = new Date();
|
||||
end.setTime( end.getTime() + 3600 * 1000 );
|
||||
var str=name+"="+escape(value)+"; expires="+end.toGMTString()+"; path=/";
|
||||
var str=name+"="+escape(value)+"; expires="+end.toGMTString()+"; path=/; Secure; SameSite=lax";
|
||||
document.cookie = str;
|
||||
}
|
||||
function getCookie(name) {
|
||||
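Review bot: The `Secure` attribute is hard-coded in the new `var str=...` line of `setCookie`, so on any deployment or dev instance served over plain HTTP the browser will refuse to store the cookie and the function fails silently. The Python side of this commit says "use only if HTTPS is enabled", but the script has no equivalent switch; consider `var secure = (location.protocol === "https:") ? "; Secure" : "";` and appending `secure` to the string instead of the literal. Cookies written through `document.cookie` can never be HttpOnly, so a short comment such as `// script-readable cookie: never store session or auth material here` would help later readers. The surrounding `escape()` and `toGMTString()` calls are deprecated (`encodeURIComponent` and `toUTCString` are the replacements), but changing the encoding also requires updating `getCookie`, whose body lies outside this hunk.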
|
|
|
@ -18,6 +18,12 @@ class Config(object):
|
|||
MAIL_DEFAULT_SENDER = "noreply@v5.planet-casio.com"
|
||||
MAIL_SUPPRESS_SEND = None
|
||||
|
||||
# Only send cookies over HTTPS connections (use only if HTTPS is enabled)
|
||||
SESSION_COOKIE_SECURE = True
|
||||
# Only send cookies in requests, do not expose them to Javascript
|
||||
SESSION_COOKIE_HTTPONLY = True
|
||||
# Do not attach cookies to cross-origin requests
|
||||
SESSION_COOKIE_SAMESITE = "Lax"
|
||||
|
||||
class DefaultConfig(object):
|
||||
"""Every value here can be overrided in the local_config.py class"""
|
||||
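Review bot: The comment above `SESSION_COOKIE_SAMESITE = "Lax"` overstates what Lax does: the cookie is still sent on top-level cross-site navigations that use safe methods such as GET, and the boundary is the site, not the origin. Something like `# Lax: withhold the cookie on cross-site subrequests and POSTs, still send it on top-level GET navigations` is more accurate, and it makes clear that state-changing routes still need CSRF tokens and must not be reachable via GET. Separately, `SESSION_COOKIE_SECURE = True` is placed in `Config` rather than in `DefaultConfig`, whose docstring says its values can be overridden in local_config.py; if `Config` is not overridable the same way (not visible in this hunk), a plain-HTTP development instance will lose its session on every request. If the app also issues a remember-me cookie through a login extension, that cookie has its own Secure/HttpOnly/SameSite settings, which this change does not touch.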
|
|