Fix cookie SameSite not being set
4
Makefile
4
Makefile
@@ -4,7 +4,7 @@ SQLITE = sqlite3
|
||||
|
||||
default: venv
|
||||
|
||||
test:: venv
|
||||
test: venv
|
||||
test/all.sh
|
||||
|
||||
venv:
|
||||
@@ -13,3 +13,5 @@ venv:
|
||||
|
||||
forum.db:
|
||||
$(SQLITE) $@ < schema.txt
|
||||
|
||||
.PHONY: test
|
||||
|
||||
5
main.py
5
main.py
@@ -14,6 +14,11 @@ import captcha, password, minimd
|
||||
app = Flask(__name__)
|
||||
db = DB(os.getenv('DB'))
|
||||
|
||||
# This defaults to None, which allows CSRF attacks in FireFox
|
||||
# and older versions of Chrome.
|
||||
# 'Lax' is sufficient to prevent malicious POST requests.
|
||||
app.config['SESSION_COOKIE_SAMESITE'] = 'Lax'
|
||||
|
||||
class Config:
|
||||
pass
|
||||
config = Config()
|
||||
|
||||
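Review bot: The comment above `app.config['SESSION_COOKIE_SAMESITE'] = 'Lax'` overstates what Lax guarantees. Lax keeps the session cookie off cross-site POSTs, but the cookie is still sent on top-level cross-site GET navigations and on requests from same-site origins such as a sibling subdomain. Any route that changes state on GET would therefore stay exposed; the routes are outside this hunk, so that cannot be checked from here. I would reword the last comment line to `# 'Lax' keeps the cookie off cross-site POSTs; state-changing routes must not accept GET, and this does not replace CSRF tokens.` If the forum is served only over HTTPS, also consider `app.config['SESSION_COOKIE_SECURE'] = True` next to this setting.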