From 60a3fe559c453bc36b0ec3e5dd39c1303640a59a Mon Sep 17 00:00:00 2001
From: Fabian Weisshaar
Date: Tue, 9 Apr 2019 15:08:14 +0200
Subject: [PATCH] Set HTTPONLY to CSRF cookies
---
 src/nsupdate/settings/base.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/nsupdate/settings/base.py b/src/nsupdate/settings/base.py
index e8722a4..f5a4d28 100644
--- a/src/nsupdate/settings/base.py
+++ b/src/nsupdate/settings/base.py
@@ -283,7 +283,7 @@ CSRF_FAILURE_VIEW = 'nsupdate.main.views.csrf_failure_view'
 # Settings for CSRF cookie.
 CSRF_COOKIE_NAME = 'csrftoken'
 CSRF_COOKIE_PATH = '/'
-CSRF_COOKIE_HTTPONLY = False
+CSRF_COOKIE_HTTPONLY = True
 # Settings for session cookie.
 SESSION_COOKIE_NAME = 'sessionid'
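Review bot: With `CSRF_COOKIE_HTTPONLY = True`, any client-side script that reads the `csrftoken` cookie to set the `X-CSRFToken` header on AJAX requests will stop working and those requests will get a 403 from the CSRF middleware. Nothing in this hunk shows whether the project's JavaScript does that, so it should be checked, and any such code should take the token from the hidden `csrfmiddlewaretoken` form input instead. The flag also does little against a script already running in the page, since the token is still rendered into forms, so I would record the intent next to the setting, e.g. `# HttpOnly: JS must read the token from the form input, not the cookie; hardening only, does not replace XSS defences.` Whether `CSRF_COOKIE_SECURE` is set is not visible in this hunk; if the site is served over HTTPS it is worth confirming alongside this change.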