Merge pull request #1712 from coreos-inc/force-session-cookie
Add option to force session cookies to be non-secure
This commit is contained in:
commit
f2994174f3
1 changed files with 2 additions and 1 deletions
3
app.py
3
app.py
|
@ -87,7 +87,8 @@ if app.config['SECRET_KEY'] is None:
|
||||||
|
|
||||||
# If the "preferred" scheme is https, then http is not allowed. Therefore, ensure we have a secure
|
# If the "preferred" scheme is https, then http is not allowed. Therefore, ensure we have a secure
|
||||||
# session cookie.
|
# session cookie.
|
||||||
if app.config['PREFERRED_URL_SCHEME'] == 'https':
|
if (app.config['PREFERRED_URL_SCHEME'] == 'https' and
|
||||||
|
not app.config.get('FORCE_NONSECURE_SESSION_COOKIE', False)):
|
||||||
app.config['SESSION_COOKIE_SECURE'] = True
|
app.config['SESSION_COOKIE_SECURE'] = True
|
||||||
|
|
||||||
# Load features from config.
|
# Load features from config.
|
||||||
|
|
Reference in a new issue