Disable "secure" (i.e. SSL trabsport only) cookies

2025-12-14 19:57:22 +00:00 · 2021-03-28 15:40:07 +01:00
parent a99020078c
commit 0ecaa9b8ee
1 changed files with 2 additions and 2 deletions
--- a/settings.py
+++ b/settings.py
@@ -110,7 +110,7 @@ LOGIN_REDIRECT_URL = '/'
 SECURE_CONTENT_TYPE_NOSNIFF = True
 SECURE_BROWSER_XSS_FILTER = True
 # SESSION_COOKIE_SECURE = True # if enabled, cannot login to Django control panel, bug elsewhere?
-CSRF_COOKIE_SECURE = True
+# CSRF_COOKIE_SECURE = True # if enabled only sends cookies over SSL
 X_FRAME_OPTIONS = 'SAMEORIGIN'  # change to "DENY" after we eliminate all the iframes e.g. /xmlvalid.html

 INSTALLED_APPS = (