From 259779770fa4ecdf345ef15f8c29f91b84faaf1a Mon Sep 17 00:00:00 2001
From: Noah Petherbridge
Date: Wed, 16 Jul 2014 19:20:53 +0000
Subject: [PATCH] Fix secure session cookie
---
 rophako/__init__.py | 2 +-
 rophako/modules/kirsle_legacy.py | 20 +++++++++++++-------
 2 files changed, 14 insertions(+), 8 deletions(-)
diff --git a/rophako/__init__.py b/rophako/__init__.py
index 39573e6..81f2408 100644
--- a/rophako/__init__.py
+++ b/rophako/__init__.py
@@ -18,7 +18,7 @@ app.secret_key = config.SECRET_KEY
 # Security?
 if config.FORCE_SSL:
- app.SESSION_COOKIE_SECURE = True
+ app.config['SESSION_COOKIE_SECURE'] = True
 sslify = SSLify(app)
 # Load all the blueprints!
diff --git a/rophako/modules/kirsle_legacy.py b/rophako/modules/kirsle_legacy.py
index 55e97a3..6af8e14 100644
--- a/rophako/modules/kirsle_legacy.py
+++ b/rophako/modules/kirsle_legacy.py
@@ -5,7 +5,9 @@ from flask import g, request, redirect, url_for, flash
 import re
 import os
+import json
+
+import config
 from rophako import app
 from rophako.utils import template, login_required
 import rophako.model.blog as Blog
@@ -99,10 +101,14 @@ def legacy_url(page):
 @app.route("/ssl_test")
 @login_required
 def ssl_test():
- criteria = [
- request.is_secure,
- app.debug,
- request.headers.get("X-Forwarded-Proto", "http") == "https"
- ]
-
- return str(criteria)
+ return "
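Review bot: The `# Security?` comment above the changed line in rophako/__init__.py does not record why the flag has to be set through `app.config`, which is the whole lesson of this fix: Flask reads cookie flags from the config mapping, so the old attribute assignment raised no error and the Secure flag was presumably never applied. I would replace it with something like `# Cookie flags are read from app.config; an attribute set on app itself is ignored.` The `sslify` name on the following context line is not used anywhere in the visible lines, so if nothing later reads it a bare `SSLify(app)` is clearer. A test asserting that `Secure` appears in the `Set-Cookie` header when `config.FORCE_SSL` is on would catch a regression of this kind.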
{}
".format(json.dumps({
+ "SSLify criteria": {
+ "request.is_secure": request.is_secure,
+ "app.debug": app.debug,
+ "X-Forwarded-Proto is http": request.headers.get("X-Forwarded-Proto", "http") == "https",
+ },
+ "App Configuration": {
+ "Session cookies secure": app.config["SESSION_COOKIE_SECURE"],
+ "config.FORCE_SSL": config.FORCE_SSL,
+ },
+ }))
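Review bot: The key `"X-Forwarded-Proto is http"` in ssl_test is paired with a comparison against `"https"`, so a `true` in the output means the opposite of what the label says; rename the key to `"X-Forwarded-Proto is https"`. That value comes from a request header, so unless the fronting proxy overwrites it the line reports what the client sent rather than how the connection actually arrived, which is worth a comment next to it. The route is guarded only by `@login_required` in the visible lines and now reports `app.debug` and the cookie and SSL settings; if that decorator admits any logged-in account rather than administrators only, tighten the check or remove the route once the diagnosis is done.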