Disable "secure" (i.e. SSL transport only) cookies

Philip Sargent 2021-03-28 15:40:07 +01:00
parent a99020078c
commit 0ecaa9b8ee


@ -109,8 +109,8 @@ SECRET_KEY = "not-the-real-secret-key-a#vaeozn0---^fj!355qki*vj2"
LOGIN_REDIRECT_URL = '/'
SECURE_CONTENT_TYPE_NOSNIFF = True
SECURE_BROWSER_XSS_FILTER = True
#SESSION_COOKIE_SECURE = True # if enabled, cannot login to Django control panel, bug elsewhere?
CSRF_COOKIE_SECURE = True
# SESSION_COOKIE_SECURE = True # if enabled, cannot login to Django control panel, bug elsewhere?
# CSRF_COOKIE_SECURE = True # if enabled only sends cookies over SSL
X_FRAME_OPTIONS = 'SAMEORIGIN' # change to "DENY" after we eliminate all the iframes e.g. /xmlvalid.html
INSTALLED_APPS = (
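Review bot: With `CSRF_COOKIE_SECURE` now commented out next to the already-disabled `SESSION_COOKIE_SECURE`, both the session and CSRF cookies lose the Secure attribute and will be sent over plain HTTP, where a network observer can read the session identifier. The "bug elsewhere?" remark suggests the underlying cause was not found; a login that fails only when these flags are on usually means the site or admin is being reached over http://, though that is not visible in this hunk. Rather than disabling the flags in the shared settings, keep `SESSION_COOKIE_SECURE = True` and `CSRF_COOKIE_SECURE = True` here and override them to `False` only in the local/development settings file. If they must stay off for now, a comment such as `# TODO: re-enable once all access is HTTPS-only; cookies currently travel over plain HTTP` would record the risk.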