Skip to content
Permalink
Browse files Browse the repository at this point in the history
Set 'Secure' Attribute in session cookie
  • Loading branch information
GammaC0de committed Jan 4, 2023
1 parent 7d73ba7 commit 7b53b8d
Showing 1 changed file with 2 additions and 1 deletion.
3 changes: 2 additions & 1 deletion src/pyload/webui/app/__init__.py
Expand Up @@ -78,7 +78,7 @@ def _configure_templating(cls, app):

app.create_jinja_environment()

# NOTE: enable autoescape for all file extensions (included .js)
# NOTE: enable auto escape for all file extensions (including .js)
# maybe this will break .txt rendering, but we don't render this kind of files actually
# that does not change 'default_for_string=False' (by default)
app.jinja_env.autoescape = jinja2.select_autoescape(default=True)
Expand All @@ -102,6 +102,7 @@ def _configure_session(cls, app):
app.config["SESSION_FILE_DIR"] = cache_path
app.config["SESSION_TYPE"] = "filesystem"
app.config["SESSION_COOKIE_NAME"] = "pyload_session"
app.config["SESSION_COOKIE_SECURE"] = app.config["PYLOAD_API"].get_config_value("webui", "use_ssl")
app.config["SESSION_PERMANENT"] = False

session_lifetime = max(app.config["PYLOAD_API"].get_config_value("webui", "session_lifetime"), 1) * 60
Expand Down

0 comments on commit 7b53b8d

Please sign in to comment.