You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@allura.apache.org by ke...@apache.org on 2020/06/08 15:27:24 UTC

[allura] 01/03: [#8362] Add secure attr to session cookie

This is an automated email from the ASF dual-hosted git repository.

kentontaylor pushed a commit to branch kt/8362
in repository https://gitbox.apache.org/repos/asf/allura.git

commit 5fd1df12ba16a5db5386b6c63b7ad187c0b5178b
Author: Kenton Taylor <kt...@slashdotmedia.com>
AuthorDate: Fri May 29 14:54:13 2020 +0000

    [#8362] Add secure attr to session cookie
---
 Allura/allura/lib/custom_middleware.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Allura/allura/lib/custom_middleware.py b/Allura/allura/lib/custom_middleware.py
index 1b21f92..521ad05 100644
--- a/Allura/allura/lib/custom_middleware.py
+++ b/Allura/allura/lib/custom_middleware.py
@@ -216,7 +216,7 @@ class CSRFMiddleware(object):
             if dict(headers).get('Content-Type', '').startswith('text/html'):
                 headers.append(
                     (str('Set-cookie'),
-                     str('%s=%s; Path=/' % (self._cookie_name, cookie))))
+                     str('%s=%s; secure; Path=/' % (self._cookie_name, cookie))))
             return start_response(status, headers, exc_info)
 
         return self._app(environ, session_start_response)