Merge pull request #196 from readthedocs/davidfischer/reduce-csrf-coo…
…kie-timeout

CSRF Cookie tweaks
davidfischer committed Jul 27, 2020
2 parents 9480fed + 3137e65 commit 9d65901
Showing 1 changed file with 2 additions and 0 deletions.
2 changes: 2 additions & 0 deletions config/settings/base.py
Expand Up @@ -254,6 +254,8 @@
X_FRAME_OPTIONS = "DENY"
SESSION_COOKIE_HTTPONLY = True
CSRF_COOKIE_HTTPONLY = True
CSRF_COOKIE_AGE = 60 * 60 * 24 * 30 # 30 days
CSRF_COOKIE_SAMESITE = "Strict"

GEOIP_PATH = os.path.join(BASE_DIR, "geoip")
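Review bot: the two added settings, CSRF_COOKIE_AGE and CSRF_COOKIE_SAMESITE = "Strict", have no comment explaining why they depart from Django's defaults (about one year and "Lax") or what the trade-off is. With "Strict" the browser withholds the CSRF cookie on every cross-site request, including a top-level navigation from an external link, so any view that legitimately receives a POST initiated from another site will fail CSRF validation unless it is exempted. It would help to confirm that no such flow exists and to say so in a comment above these lines. The 30-day lifetime also means a client whose cookie has expired gets a 403 on its next form submission from a stale page, which is worth a mention in the same comment so the behaviour is not later mistaken for a bug.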

