Set HTTPONLY to CSRF cookies

2019-04-09 15:08:14 +02:00 · 2019-04-09 15:08:14 +02:00 · 60a3fe559c
commit 60a3fe559c
parent 1732ace5a0
1 changed files with 1 additions and 1 deletions
--- a/src/nsupdate/settings/base.py
+++ b/src/nsupdate/settings/base.py
@ -283,7 +283,7 @@ CSRF_FAILURE_VIEW = 'nsupdate.main.views.csrf_failure_view'
 # Settings for CSRF cookie.
 CSRF_COOKIE_NAME = 'csrftoken'
 CSRF_COOKIE_PATH = '/'
-CSRF_COOKIE_HTTPONLY = False
+CSRF_COOKIE_HTTPONLY = True

 # Settings for session cookie.
 SESSION_COOKIE_NAME = 'sessionid'