From 3038fada3da27fddec632715bf7765b4a16ae57a Mon Sep 17 00:00:00 2001
From: Tomas Gavenciak
Date: Sun, 4 Oct 2015 00:09:24 +0200
Subject: [PATCH] Nastaveni HTTPS-only session cookies (prod a test)
---
 mamweb/settings_prod.py | 8 +++++++-
 mamweb/settings_test.py | 4 ++++
 2 files changed, 11 insertions(+), 1 deletion(-)
diff --git a/mamweb/settings_prod.py b/mamweb/settings_prod.py
index 8535389d..eaf18db2 100644
--- a/mamweb/settings_prod.py
+++ b/mamweb/settings_prod.py
@@ -47,12 +47,18 @@ import os
 SERVER_EMAIL = 'mamweb-prod-errors@mam.mff.cuni.cz'
 ADMINS = [
- ('Tomas Gavenciak', 'gavento@ucw.cz'),
 ('Petr Pecha', 'nejlepsitextovyeditorjevim@gmail.com'),
 ('Matěj Kocián', 'matej.kocian@gmail.com'),
 ]
+# SECURITY: only send sensitive cookies via HTTPS
+
+SESSION_COOKIE_SECURE = True
+CSRF_COOKIE_SECURE = True
+
+
+
 # LOGGING = {
 # 'version': 1,
 # 'disable_existing_loggers': True,
diff --git a/mamweb/settings_test.py b/mamweb/settings_test.py
index cf4c593f..a628be47 100644
--- a/mamweb/settings_test.py
+++ b/mamweb/settings_test.py
@@ -53,6 +53,10 @@ ADMINS = [
 ]
+# SECURITY: only send sensitive cookies via HTTPS
+
+SESSION_COOKIE_SECURE = True
+CSRF_COOKIE_SECURE = True
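Review bot: `SESSION_COOKIE_SECURE = True` and `CSRF_COOKIE_SECURE = True`, added in the settings_prod.py hunk and repeated in the settings_test.py hunk, only stop the browser from returning these cookies over plain HTTP; nothing visible in either hunk makes the site refuse or redirect HTTP requests. If the application is still reachable over http://, sessions and CSRF-protected forms will stop working there, and the first unencrypted request remains open to tampering before any cookie is involved. Unless the front-end web server already redirects (not visible here), consider adding `SECURE_SSL_REDIRECT = True` and a `SECURE_HSTS_SECONDS` value next to these lines; both settings exist from Django 1.8, and the project's Django version is not shown on this page. If TLS terminates at a reverse proxy, `SECURE_PROXY_SSL_HEADER` is needed for the redirect to detect HTTPS correctly, and the proxy must strip that header from client requests. The comment could also name the effect precisely, e.g. `# SECURITY: mark session and CSRF cookies Secure (HTTPS redirect is enforced by <where>)`.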