We have a free program analysis tool for Python 3 web projects, called Bento. While we were scanning GitHub projects for issues, it triggered a warning for the set_cookie method on your app. Looks like you use cookies for user settings (not auth) so perhaps it is no big deal. But I don't think it does any harm to secure the cookies (it is 1-line change) and it prevents malicious actors from stealing settings cookies.
There were bunch of other warnings bento triggered on, but I didn't include them in this PR to keep it clean an simple. If you are curious, you can check it out yourself by downloading bento from https://bento.dev/
Hi there,
We have a free program analysis tool for Python 3 web projects, called Bento. While we were scanning GitHub projects for issues, it triggered a warning for the set_cookie method on your app. Looks like you use cookies for user settings (not auth) so perhaps it is no big deal. But I don't think it does any harm to secure the cookies (it is 1-line change) and it prevents malicious actors from stealing settings cookies.
There were bunch of other warnings bento triggered on, but I didn't include them in this PR to keep it clean an simple. If you are curious, you can check it out yourself by downloading bento from https://bento.dev/