Cookie security only if https is set in the config.

2024-11-14 16:55:42 +00:00 · 2020-06-17 09:26:37 +02:00 · 2020-06-17 09:26:37 +02:00 · be4377a231
commit be4377a231
parent b427a5e6f1
1 changed files with 10 additions and 5 deletions
--- a/web/config.py
+++ b/web/config.py
@ -6,11 +6,6 @@ import logging
 class Config:
    ''' ### Flask ### '''
    SECRET_KEY = os.environ.get('SECRET_KEY') or 'hard to guess string'
-    SESSION_COOKIE_SECURE = True
-
-    ''' ### Flask-Login ### '''
-    REMEMBER_COOKIE_HTTPONLY = True
-    REMEMBER_COOKIE_SECURE = True

    ''' ### Flask-Mail ### '''
    MAIL_SERVER = os.environ.get('MAIL_SERVER')
@ -32,6 +27,7 @@ class Config:
    NOPAQUE_CONTACT = os.environ.get('NOPAQUE_CONTACT')
    NOPAQUE_MAIL_SENDER = os.environ.get('NOPAQUE_MAIL_SENDER')
    NOPAQUE_MAIL_SUBJECT_PREFIX = '[nopaque]'
+    NOPAQUE_PROTOCOL = os.environ.get('NOPAQUE_PROTOCOL')
    NOPAQUE_STORAGE = os.environ.get('NOPAQUE_STORAGE')

    os.makedirs('logs', exist_ok=True)
@ -41,6 +37,15 @@ class Config:
                               '%(message)s',
                        datefmt='%Y-%m-%d %H:%M:%S', filemode='w')

+    ''' ### Security enhancements ### '''
+    if NOPAQUE_PROTOCOL == 'https':
+        ''' ### Flask ### '''
+        SESSION_COOKIE_SECURE = True
+
+        ''' ### Flask-Login ### '''
+        REMEMBER_COOKIE_HTTPONLY = True
+        REMEMBER_COOKIE_SECURE = True
+
    @staticmethod
    def init_app(app):
        proxy_fix_kwargs = {