Ensure that the Secure
flag is set on session cookies when under HTTPS
parent
9e88b1413d
commit
e344597861
1 changed files with 13 additions and 7 deletions
20
app.py
20
app.py
|
@ -78,6 +78,19 @@ _distributed_storage_preference = os.environ.get('QUAY_DISTRIBUTED_STORAGE_PREFE
|
|||
if _distributed_storage_preference:
|
||||
app.config['DISTRIBUTED_STORAGE_PREFERENCE'] = _distributed_storage_preference
|
||||
|
||||
# Generate a secret key if none was specified.
|
||||
if app.config['SECRET_KEY'] is None:
|
||||
logger.debug('Generating in-memory secret key')
|
||||
app.config['SECRET_KEY'] = generate_secret_key()
|
||||
|
||||
# If the "preferred" scheme is https, then http is not allowed. Therefore, ensure we have a secure
|
||||
# session cookie.
|
||||
if app.config['PREFERRED_URL_SCHEME'] == 'https':
|
||||
app.config['SESSION_COOKIE_SECURE'] = True
|
||||
|
||||
# Load features from config.
|
||||
features.import_features(app.config)
|
||||
|
||||
|
||||
class RequestWithId(Request):
|
||||
request_gen = staticmethod(urn_generator(['request']))
|
||||
|
@ -112,13 +125,6 @@ for handler in root_logger.handlers:
|
|||
|
||||
app.request_class = RequestWithId
|
||||
|
||||
# Generate a secret key if none was specified.
|
||||
if app.config['SECRET_KEY'] is None:
|
||||
logger.debug('Generating in-memory secret key')
|
||||
app.config['SECRET_KEY'] = generate_secret_key()
|
||||
|
||||
features.import_features(app.config)
|
||||
|
||||
# Register custom converters.
|
||||
class RegexConverter(BaseConverter):
|
||||
""" Converter for handling custom regular expression patterns in paths. """
|
||||
|
|
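Review bot: The new branch `if app.config['PREFERRED_URL_SCHEME'] == 'https':` sets the Secure flag only on Flask's own session cookie, so any other authentication cookie the app issues could still be sent over plain HTTP. If the app uses Flask-Login's remember-me cookie (not visible in these hunks), set it in the same branch with `app.config['REMEMBER_COOKIE_SECURE'] = True`. The comparison is also an exact, case-sensitive match, so a configured value such as `HTTPS` would silently leave the flag off; `app.config['PREFERRED_URL_SCHEME'].lower() == 'https'` avoids that. The comment above the branch should also say that a deployment which terminates TLS at a proxy and leaves the scheme at `http` gets no Secure flag, so operators know they must set the scheme explicitly.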