
Session cookie secure by default

pull/2796/head
David Jetelina 7 years ago
parent
commit
f212d2d53f
No known key found for this signature in database
GPG Key ID: 86F0EA0EE7C8038B
  1. 2
      docs/config.rst
  2. 2
      flask/app.py

2
docs/config.rst

@ -206,7 +206,7 @@ The following configuration values are used internally by Flask:
marked "secure". The application must be served over HTTPS for this to make marked "secure". The application must be served over HTTPS for this to make
sense. sense.
Default: ``False`` Default: ``True``
.. py:data:: SESSION_COOKIE_SAMESITE .. py:data:: SESSION_COOKIE_SAMESITE

2
flask/app.py

@ -293,7 +293,7 @@ class Flask(_PackageBoundObject):
'SESSION_COOKIE_DOMAIN': None, 'SESSION_COOKIE_DOMAIN': None,
'SESSION_COOKIE_PATH': None, 'SESSION_COOKIE_PATH': None,
'SESSION_COOKIE_HTTPONLY': True, 'SESSION_COOKIE_HTTPONLY': True,
'SESSION_COOKIE_SECURE': False, 'SESSION_COOKIE_SECURE': True,
'SESSION_COOKIE_SAMESITE': None, 'SESSION_COOKIE_SAMESITE': None,
'SESSION_REFRESH_EACH_REQUEST': True, 'SESSION_REFRESH_EACH_REQUEST': True,
'MAX_CONTENT_LENGTH': None, 'MAX_CONTENT_LENGTH': None,
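Review bot: With `'SESSION_COOKIE_SECURE': True` as the default, a browser will not send the session cookie back over plain HTTP, so an app served without TLS (including a local development server on http://) loses its session on every request, and nothing in this hunk makes that failure visible. A comment at the entry would help the next reader, e.g. `# Secure by default: cookie is only sent over HTTPS; set False explicitly for plain-HTTP development`. Existing deployments pick up the new behaviour on upgrade, so a changelog or upgrade note belongs with this change; none is in the two files touched. Whether the code that writes the session cookie warns when the request is not secure cannot be seen from here, as the defaults dict and the class continue outside the hunk; if it does not, a warning there would make the lost session diagnosable.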
