2
0
mirror of https://expo.survex.com/repositories/troggle/.git synced 2024-11-25 08:41:51 +00:00

Disable "secure" (i.e. SSL trabsport only) cookies

This commit is contained in:
Philip Sargent 2021-03-28 15:40:07 +01:00
parent a99020078c
commit 0ecaa9b8ee

View File

@ -109,8 +109,8 @@ SECRET_KEY = "not-the-real-secret-key-a#vaeozn0---^fj!355qki*vj2"
LOGIN_REDIRECT_URL = '/'
SECURE_CONTENT_TYPE_NOSNIFF = True
SECURE_BROWSER_XSS_FILTER = True
#SESSION_COOKIE_SECURE = True # if enabled, cannot login to Django control panel, bug elsewhere?
CSRF_COOKIE_SECURE = True
# SESSION_COOKIE_SECURE = True # if enabled, cannot login to Django control panel, bug elsewhere?
# CSRF_COOKIE_SECURE = True # if enabled only sends cookies over SSL
X_FRAME_OPTIONS = 'SAMEORIGIN' # change to "DENY" after we eliminate all the iframes e.g. /xmlvalid.html
INSTALLED_APPS = (