Browse Source

Fix secure session cookie

pull/2/head
Noah Petherbridge 7 years ago
parent
commit
259779770f
  1. 2
      rophako/__init__.py
  2. 20
      rophako/modules/kirsle_legacy.py

2
rophako/__init__.py

@ -18,7 +18,7 @@ app.secret_key = config.SECRET_KEY
# Security?
if config.FORCE_SSL:
app.SESSION_COOKIE_SECURE = True
app.config['SESSION_COOKIE_SECURE'] = True
sslify = SSLify(app)
# Load all the blueprints!

20
rophako/modules/kirsle_legacy.py

@ -5,7 +5,9 @@
from flask import g, request, redirect, url_for, flash
import re
import os
import json
import config
from rophako import app
from rophako.utils import template, login_required
import rophako.model.blog as Blog
@ -99,10 +101,14 @@ def legacy_url(page):
@app.route("/ssl_test")
@login_required
def ssl_test():
criteria = [
request.is_secure,
app.debug,
request.headers.get("X-Forwarded-Proto", "http") == "https"
]
return str(criteria)
return "<pre>{}</pre>".format(json.dumps({
"SSLify criteria": {
"request.is_secure": request.is_secure,
"app.debug": app.debug,
"X-Forwarded-Proto is http": request.headers.get("X-Forwarded-Proto", "http") == "https",
},
"App Configuration": {
"Session cookies secure": app.config["SESSION_COOKIE_SECURE"],
"config.FORCE_SSL": config.FORCE_SSL,
},
}))

Loading…
Cancel
Save