Parisson / TimeSide

scalable audio processing framework and server written in Python
https://timeside.ircam.fr/docs/
GNU Affero General Public License v3.0

Set CSRF and Session cookies Secure #164

Closed gnuletik closed 4 years ago

gnuletik commented 4 years ago

https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie#Secure

If a cookie is needed to be sent cross-origin, opt out of the SameSite restriction using the None directive. The None directive requires the Secure attribute.

In order to have the desired behavior of SameSite = None, we have to set the Secure attribute.
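
An added example, not part of the issue or of the TimeSide code base: a small Python check that applies the rule quoted above to `Set-Cookie` header values, flagging `SameSite=None` without `Secure` and any cookie missing `Secure`. The cookie names and values in `SAMPLE_HEADERS` are constructed for illustration.

```python
# Added example: audit Set-Cookie values for the SameSite=None / Secure rule.

def parse_set_cookie(header_value):
    """Split one Set-Cookie value into (name, attrs); attribute names lower-cased."""
    parts = [p.strip() for p in header_value.split(";")]
    name, _, _value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        if not part:
            continue  # tolerate a trailing ';'
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return name.strip(), attrs


def audit_cookie(header_value):
    """Return a list of findings for one Set-Cookie value (empty list means OK)."""
    name, attrs = parse_set_cookie(header_value)
    secure = "secure" in attrs  # Secure is a flag attribute with no value
    samesite = attrs.get("samesite", "").lower()
    if samesite == "none" and not secure:
        return [f"{name}: SameSite=None set without Secure"]
    if not secure:
        return [f"{name}: Secure attribute missing"]
    return []


def audit_headers(header_values):
    """Audit several Set-Cookie values and return all findings in order."""
    findings = []
    for value in header_values:
        findings.extend(audit_cookie(value))
    return findings


# Constructed sample input (names and values are assumptions, not from the issue).
SAMPLE_HEADERS = [
    "csrftoken=abc123; Path=/; SameSite=None",
    "sessionid=def456; HttpOnly; Path=/; SameSite=None; Secure",
    "prefs=dark; Path=/; SameSite=Lax",
]

if __name__ == "__main__":
    for finding in audit_headers(SAMPLE_HEADERS):
        print(finding)
```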