Add security enhancements. See: https://blog.miguelgrinberg.com/post/cookie-security-for-flask-applications

2025-07-01 18:30:34 +00:00 · 2020-06-02 16:51:08 +02:00
parent 9f62e782f0
commit 4ac4fcb4ff
4 changed files with 16 additions and 7 deletions
--- a/config.py
+++ b/config.py
@ -6,6 +6,11 @@ import logging
 class Config:
    ''' ### Flask ### '''
    SECRET_KEY = os.environ.get('SECRET_KEY') or 'hard to guess string'
+    SESSION_COOKIE_SECURE = True
+
+    ''' ### Flask-Login ### '''
+    REMEMBER_COOKIE_HTTPONLY = True
+    REMEMBER_COOKIE_SECURE = True

    ''' ### Flask-Mail ### '''
    MAIL_SERVER = os.environ.get('MAIL_SERVER')