Fix secure session cookie

This commit is contained in:
Noah 2014-07-16 19:20:53 +00:00
parent 969a758a8d
commit 259779770f
2 changed files with 14 additions and 8 deletions

View File

@ -18,7 +18,7 @@ app.secret_key = config.SECRET_KEY
# Security?
if config.FORCE_SSL:
app.SESSION_COOKIE_SECURE = True
app.config['SESSION_COOKIE_SECURE'] = True
sslify = SSLify(app)
# Load all the blueprints!

View File

@ -5,7 +5,9 @@
from flask import g, request, redirect, url_for, flash
import re
import os
import json
import config
from rophako import app
from rophako.utils import template, login_required
import rophako.model.blog as Blog
@ -99,10 +101,14 @@ def legacy_url(page):
@app.route("/ssl_test")
@login_required
def ssl_test():
criteria = [
request.is_secure,
app.debug,
request.headers.get("X-Forwarded-Proto", "http") == "https"
]
return str(criteria)
return "<pre>{}</pre>".format(json.dumps({
"SSLify criteria": {
"request.is_secure": request.is_secure,
"app.debug": app.debug,
"X-Forwarded-Proto is http": request.headers.get("X-Forwarded-Proto", "http") == "https",
},
"App Configuration": {
"Session cookies secure": app.config["SESSION_COOKIE_SECURE"],
"config.FORCE_SSL": config.FORCE_SSL,
},
}))