Nastaveni HTTPS-only session cookies (prod a test)

mamweb/settings_prod.py

@@ -47,12 +47,18 @@ import os
 
 SERVER_EMAIL = 'mamweb-prod-errors@mam.mff.cuni.cz'
 ADMINS = [
-        ('Tomas Gavenciak', 'gavento@ucw.cz'),
         ('Petr Pecha', 'nejlepsitextovyeditorjevim@gmail.com'),
         ('Matěj Kocián', 'matej.kocian@gmail.com'),
         ]
 
 
+# SECURITY: only send sensitive cookies via HTTPS
+
+SESSION_COOKIE_SECURE = True
+CSRF_COOKIE_SECURE = True
+
+
+
 # LOGGING = {
 #     'version': 1,
 #     'disable_existing_loggers': True,

mamweb/settings_test.py

@@ -53,6 +53,10 @@ ADMINS = [
 ]
 
 
+# SECURITY: only send sensitive cookies via HTTPS
+
+SESSION_COOKIE_SECURE = True
+CSRF_COOKIE_SECURE = True