Lightweight modern Python library to add security headers (CSP, HSTS, etc.) to Django, Flask, FastAPI, and more. Secure defaults or fully customizable.
I'm using Tornado 6.0.3 and apparently I have to use a patch (Morsel._reserved['samesite'] = 'SameSite') but the samesite cookies are not being set. Not sure I've understood how to use secure in my code but this is what I've done.
from http.cookies import Morsel
from secure import SecureHeaders
from secure import SecureCookie
Morsel._reserved['samesite'] = 'SameSite'
SECURE_HEADERS = SecureHeaders()
SECURE_COOKIE = SecureCookie(expires=1, samesite=SecureCookie.SameSite.LAX)
class BaseHandler(tornado.web.RequestHandler):
"""Main class used for general functions applying to entire application. """
def set_default_headers(self):
"""docstring"""
SECURE_HEADERS.tornado(self)
def set_samesite_cookie(self, cookie_name, cookie_value):
"""Sets a samesite cookie"""
SECURE_COOKIE.tornado(self, name=cookie_name, value=cookie_value)
and then I have used this in another class:
self.set_samesite_cookie("user", user_id)
Any suggestions to why it's not working is appreciated!
Thank you!
Hey,
I'm using Tornado 6.0.3 and apparently I have to use a patch (
Morsel._reserved['samesite'] = 'SameSite') but the samesite cookies are not being set. Not sure I've understood how to use secure in my code but this is what I've done.and then I have used this in another class:
Any suggestions to why it's not working is appreciated! Thank you!