You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@allura.apache.org by ke...@apache.org on 2020/06/08 15:27:24 UTC
[allura] 01/03: [#8362] Add secure attr to session cookie
This is an automated email from the ASF dual-hosted git repository.
kentontaylor pushed a commit to branch kt/8362
in repository https://gitbox.apache.org/repos/asf/allura.git
commit 5fd1df12ba16a5db5386b6c63b7ad187c0b5178b
Author: Kenton Taylor <kt...@slashdotmedia.com>
AuthorDate: Fri May 29 14:54:13 2020 +0000
[#8362] Add secure attr to session cookie
---
Allura/allura/lib/custom_middleware.py | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/Allura/allura/lib/custom_middleware.py b/Allura/allura/lib/custom_middleware.py
index 1b21f92..521ad05 100644
--- a/Allura/allura/lib/custom_middleware.py
+++ b/Allura/allura/lib/custom_middleware.py
@@ -216,7 +216,7 @@ class CSRFMiddleware(object):
if dict(headers).get('Content-Type', '').startswith('text/html'):
headers.append(
(str('Set-cookie'),
- str('%s=%s; Path=/' % (self._cookie_name, cookie))))
+ str('%s=%s; secure; Path=/' % (self._cookie_name, cookie))))
return start_response(status, headers, exc_info)
return self._app(environ, session_start_response)