Nastaveni HTTPS-only session cookies (prod a test)

9 years ago · 3038fada3d
2 changed files with 11 additions and 1 deletions
--- a/mamweb/settings_prod.py
+++ b/mamweb/settings_prod.py
@ -47,12 +47,18 @@ import os

 SERVER_EMAIL = 'mamweb-prod-errors@mam.mff.cuni.cz'
 ADMINS = [
-        ('Tomas Gavenciak', 'gavento@ucw.cz'),
        ('Petr Pecha', 'nejlepsitextovyeditorjevim@gmail.com'),
        ('Matěj Kocián', 'matej.kocian@gmail.com'),
        ]


+# SECURITY: only send sensitive cookies via HTTPS
+
+SESSION_COOKIE_SECURE = True
+CSRF_COOKIE_SECURE = True
+
+
+
 # LOGGING = {
 #     'version': 1,
 #     'disable_existing_loggers': True,
--- a/mamweb/settings_test.py
+++ b/mamweb/settings_test.py
@ -53,6 +53,10 @@ ADMINS = [
 ]


+# SECURITY: only send sensitive cookies via HTTPS
+
+SESSION_COOKIE_SECURE = True
+CSRF_COOKIE_SECURE = True