vbatts/quay
Archived
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity

Add option to force session cookies to be non-secure

Browse source
This commit is contained in:
Joseph Schorr 2016-08-11 16:16:15 -04:00
parent 4ea6f724c4
commit 26aa641eb0
1 changed files with 2 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
app.py
View file

@ -87,7 +87,8 @@ if app.config['SECRET_KEY'] is None:
# If the "preferred" scheme is https, then http is not allowed. Therefore, ensure we have a secure # If the "preferred" scheme is https, then http is not allowed. Therefore, ensure we have a secure
# session cookie. # session cookie.
if app.config['PREFERRED_URL_SCHEME'] == 'https': if (app.config['PREFERRED_URL_SCHEME'] == 'https' and
not app.config.get('FORCE_NONSECURE_SESSION_COOKIE', False)):
app.config['SESSION_COOKIE_SECURE'] = True app.config['SESSION_COOKIE_SECURE'] = True
# Load features from config. # Load features from config.