From 0fd0819197e5b9b35594dae33bf4467739e27779 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Aur=C3=A9lien=20Amorin?= Date: Thu, 25 Jun 2026 01:07:29 +0200 Subject: [PATCH] Harden production cookie security --- oc_lettings_site/settings.py | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/oc_lettings_site/settings.py b/oc_lettings_site/settings.py index 628580b35..b0f8d4158 100644 --- a/oc_lettings_site/settings.py +++ b/oc_lettings_site/settings.py @@ -75,6 +75,16 @@ ALLOWED_HOSTS = os.getenv("ALLOWED_HOSTS", "localhost,127.0.0.1").split(",") +SESSION_COOKIE_SECURE = ( + os.getenv("SESSION_COOKIE_SECURE", "False") == "True" +) + +CSRF_COOKIE_SECURE = ( + os.getenv("CSRF_COOKIE_SECURE", "False") == "True" +) + +SECURE_REFERRER_POLICY = "same-origin" + # Application definition