diff options
| author | Philip Sargent <philip.sargent@klebos.com> | 2021-03-28 15:40:07 +0100 |
|---|---|---|
| committer | Philip Sargent <philip.sargent@klebos.com> | 2021-03-28 15:40:07 +0100 |
| commit | 0ecaa9b8ee273eb41394c838b0f39a4683bb5e2a (patch) | |
| tree | c875ccee7f6cd3f70e20a1a62ea18270d557dbc2 | |
| parent | a99020078cc7a57f21f5b8934e6d78e7d1c77f4b (diff) | |
| download | troggle-0ecaa9b8ee273eb41394c838b0f39a4683bb5e2a.tar.gz troggle-0ecaa9b8ee273eb41394c838b0f39a4683bb5e2a.tar.bz2 troggle-0ecaa9b8ee273eb41394c838b0f39a4683bb5e2a.zip | |
Disable "secure" (i.e. SSL trabsport only) cookies
| -rw-r--r-- | settings.py | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/settings.py b/settings.py index 20a0d63..80fb84b 100644 --- a/settings.py +++ b/settings.py @@ -109,8 +109,8 @@ SECRET_KEY = "not-the-real-secret-key-a#vaeozn0---^fj!355qki*vj2" LOGIN_REDIRECT_URL = '/' SECURE_CONTENT_TYPE_NOSNIFF = True SECURE_BROWSER_XSS_FILTER = True -#SESSION_COOKIE_SECURE = True # if enabled, cannot login to Django control panel, bug elsewhere? -CSRF_COOKIE_SECURE = True +# SESSION_COOKIE_SECURE = True # if enabled, cannot login to Django control panel, bug elsewhere? +# CSRF_COOKIE_SECURE = True # if enabled only sends cookies over SSL X_FRAME_OPTIONS = 'SAMEORIGIN' # change to "DENY" after we eliminate all the iframes e.g. /xmlvalid.html INSTALLED_APPS = ( |