alex/voyage
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat: secure CSRF cookie based on frontend URL protocol

Browse Source
This commit is contained in:
Sean Morley
2025-05-31 17:30:33 -04:00
parent e89f2a947e
commit 806efd71bf
1 changed files with 2 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
backend/server/main/settings.py
View File

@@ -147,6 +147,8 @@ SESSION_COOKIE_SAMESITE = 'Lax'
SESSION_COOKIE_NAME = 'sessionid' SESSION_COOKIE_NAME = 'sessionid'
SESSION_COOKIE_SECURE = FRONTEND_URL.startswith('https') SESSION_COOKIE_SECURE = FRONTEND_URL.startswith('https')
CSRF_COOKIE_SECURE = FRONTEND_URL.startswith('https')
hostname = urlparse(FRONTEND_URL).hostname hostname = urlparse(FRONTEND_URL).hostname
is_ip_address = hostname.replace('.', '').isdigit() is_ip_address = hostname.replace('.', '').isdigit()