Set SESSION_COOKIE_SECURE for deployed environments.
This sets the "Secure" attribute on cookies sent to the client: https://flask.palletsprojects.com/en/1.1.x/config/#SESSION_COOKIE_SECURE
parent 7812da5eae
commit 6edc7b138b
@ -257,6 +257,7 @@ To generate coverage reports for the Javascript tests:
|
||||
- `SESSION_COOKIE_DOMAIN`: String value specifying the name to use for the session cookie. This should be set to the root domain so that it is valid for both the main site and the authentication subdomain. https://flask.palletsprojects.com/en/1.1.x/config/#SESSION_COOKIE_DOMAIN
|
||||
- `SESSION_KEY_PREFIX`: A prefix that is added before all session keys: https://pythonhosted.org/Flask-Session/#configuration
|
||||
- `SESSION_TYPE`: String value specifying the cookie storage backend. https://pythonhosted.org/Flask-Session/
|
||||
- `SESSION_COOKIE_SECURE`: https://flask.palletsprojects.com/en/1.1.x/config/#SESSION_COOKIE_SECURE
|
||||
- `SESSION_USE_SIGNER`: Boolean value specifying if the cookie sid should be signed.
|
||||
- `SQLALCHEMY_ECHO`: Boolean value specifying if SQLAlchemy should log queries to stdout.
|
||||
- `STATIC_URL`: URL specifying where static assets are hosted.
|
||||
|
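Review bot: The new `SESSION_COOKIE_SECURE` entry in the README list is documented with a bare link, while every neighbouring entry states the value type and what the setting does. Suggest something like "Boolean value specifying whether the session cookie is sent with the Secure attribute, so the browser only returns it over HTTPS. Should be true in deployed environments." followed by the link. It would also read better placed next to `SESSION_COOKIE_DOMAIN` than after `SESSION_TYPE`, keeping the cookie settings together.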
@ -43,6 +43,7 @@ SERVER_NAME
|
||||
SESSION_COOKIE_NAME=atat
|
||||
SESSION_COOKIE_DOMAIN
|
||||
SESSION_KEY_PREFIX=session:
|
||||
SESSION_COOKIE_SECURE=false
|
||||
SESSION_TYPE = redis
|
||||
SESSION_USE_SIGNER = True
|
||||
SQLALCHEMY_ECHO = False
|
||||
|
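Review bot: `SESSION_COOKIE_SECURE=false` in the base config makes the Secure attribute opt-in, so any environment that does not override it serves the session cookie without it. Consider defaulting to true here and setting false only in the local development override, so a missed override fails closed. Minor style point: this line uses `KEY=value` without spaces while the following `SESSION_TYPE = redis` and `SESSION_USE_SIGNER = True` use spaces and a capitalised boolean; matching one of the existing styles would keep the file consistent.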
@ -32,6 +32,7 @@ data:
|
||||
REDIS_HOST: atat.redis.cache.windows.net:6380
|
||||
REDIS_TLS: "true"
|
||||
SESSION_COOKIE_DOMAIN: atat.code.mil
|
||||
SESSION_COOKIE_SECURE: "true"
|
||||
STATIC_URL: https://atat-cdn.azureedge.net/static/
|
||||
TZ: UTC
|
||||
UWSGI_CONFIG_FULLPATH: /opt/atat/atst/uwsgi.ini
|
||||
|
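Review bot: `SESSION_COOKIE_SECURE: "true"` reaches the application as a string, and the diff does not show where it is converted to a boolean. If the loader passes the raw string into the Flask config, any non-empty value is truthy, which works here by accident but would also turn the base default `false` into an enabled setting. Please confirm the config loader coerces this key to a real boolean, and add a test that asserts the resulting `app.config["SESSION_COOKIE_SECURE"]` is `True` for this environment and `False` for the default.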