Fix cookie SameSite not being set
4
Makefile
4
Makefile
@@ -4,7 +4,7 @@ SQLITE = sqlite3
|
|||||||
|
|
||||||
default: venv
|
default: venv
|
||||||
|
|
||||||
test:: venv
|
test: venv
|
||||||
test/all.sh
|
test/all.sh
|
||||||
|
|
||||||
venv:
|
venv:
|
||||||
@@ -13,3 +13,5 @@ venv:
|
|||||||
|
|
||||||
forum.db:
|
forum.db:
|
||||||
$(SQLITE) $@ < schema.txt
|
$(SQLITE) $@ < schema.txt
|
||||||
|
|
||||||
|
.PHONY: test
|
||||||
|
|||||||
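Review bot: The new `.PHONY: test` line at the end of the second hunk leaves `default` undeclared, although it is also a command name rather than a file; for consistency I would write `.PHONY: default test`. The impact is small, since `default` shows no recipe of its own here, but declaring both keeps a stray file with that name from affecting the build. The commit message describes only the cookie fix, so a short mention of this Makefile change would help anyone auditing or backporting the security fix on its own.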
5
main.py
5
main.py
@@ -14,6 +14,11 @@ import captcha, password, minimd
|
|||||||
app = Flask(__name__)
|
app = Flask(__name__)
|
||||||
db = DB(os.getenv('DB'))
|
db = DB(os.getenv('DB'))
|
||||||
|
|
||||||
|
# This defaults to None, which allows CSRF attacks in FireFox
|
||||||
|
# and older versions of Chrome.
|
||||||
|
# 'Lax' is sufficient to prevent malicious POST requests.
|
||||||
|
app.config['SESSION_COOKIE_SAMESITE'] = 'Lax'
|
||||||
|
|
||||||
class Config:
|
class Config:
|
||||||
pass
|
pass
|
||||||
config = Config()
|
config = Config()
|
||||||
|
|||||||
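Review bot: The added comment overstates the protection when it says `'Lax'` is sufficient. With `SameSite=Lax` the session cookie is still sent on top-level cross-site GET navigations, and it does not restrict requests from a same-site origin such as a sibling subdomain. I would reword the last comment line to `# 'Lax' blocks cross-site POSTs only; state-changing routes must not accept GET, and CSRF tokens are still needed.` "Defaults to None" would also be clearer as "the SameSite attribute is not sent at all, so the browser's own default applies". The setting covers only Flask's session cookie, so any cookie set through `set_cookie` elsewhere (not visible in this hunk) needs its own `samesite=` argument. It is also worth confirming that `SESSION_COOKIE_SECURE` is enabled where the app is served over HTTPS.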