Browse Source

Fix secure session cookie

pull/2/head
Noah Petherbridge 5 years ago
parent
commit
259779770f
2 changed files with 14 additions and 8 deletions
  1. +1
    -1
      rophako/__init__.py
  2. +13
    -7
      rophako/modules/kirsle_legacy.py

+ 1
- 1
rophako/__init__.py View File

@@ -18,7 +18,7 @@ app.secret_key = config.SECRET_KEY

# Security?
if config.FORCE_SSL:
app.SESSION_COOKIE_SECURE = True
app.config['SESSION_COOKIE_SECURE'] = True
sslify = SSLify(app)

# Load all the blueprints!


+ 13
- 7
rophako/modules/kirsle_legacy.py View File

@@ -5,7 +5,9 @@
from flask import g, request, redirect, url_for, flash
import re
import os
import json

import config
from rophako import app
from rophako.utils import template, login_required
import rophako.model.blog as Blog
@@ -99,10 +101,14 @@ def legacy_url(page):
@app.route("/ssl_test")
@login_required
def ssl_test():
criteria = [
request.is_secure,
app.debug,
request.headers.get("X-Forwarded-Proto", "http") == "https"
]

return str(criteria)
return "<pre>{}</pre>".format(json.dumps({
"SSLify criteria": {
"request.is_secure": request.is_secure,
"app.debug": app.debug,
"X-Forwarded-Proto is http": request.headers.get("X-Forwarded-Proto", "http") == "https",
},
"App Configuration": {
"Session cookies secure": app.config["SESSION_COOKIE_SECURE"],
"config.FORCE_SSL": config.FORCE_SSL,
},
}))

Loading…
Cancel
Save