Fix secure session cookie

This commit is contained in:
Noah 2014-07-16 19:20:53 +00:00
parent 969a758a8d
commit 259779770f
2 changed files with 14 additions and 8 deletions

View File

@ -18,7 +18,7 @@ app.secret_key = config.SECRET_KEY
# Security? # Security?
if config.FORCE_SSL: if config.FORCE_SSL:
app.SESSION_COOKIE_SECURE = True app.config['SESSION_COOKIE_SECURE'] = True
sslify = SSLify(app) sslify = SSLify(app)
# Load all the blueprints! # Load all the blueprints!

View File

@ -5,7 +5,9 @@
from flask import g, request, redirect, url_for, flash from flask import g, request, redirect, url_for, flash
import re import re
import os import os
import json
import config
from rophako import app from rophako import app
from rophako.utils import template, login_required from rophako.utils import template, login_required
import rophako.model.blog as Blog import rophako.model.blog as Blog
@ -99,10 +101,14 @@ def legacy_url(page):
@app.route("/ssl_test") @app.route("/ssl_test")
@login_required @login_required
def ssl_test(): def ssl_test():
criteria = [ return "<pre>{}</pre>".format(json.dumps({
request.is_secure, "SSLify criteria": {
app.debug, "request.is_secure": request.is_secure,
request.headers.get("X-Forwarded-Proto", "http") == "https" "app.debug": app.debug,
] "X-Forwarded-Proto is http": request.headers.get("X-Forwarded-Proto", "http") == "https",
},
return str(criteria) "App Configuration": {
"Session cookies secure": app.config["SESSION_COOKIE_SECURE"],
"config.FORCE_SSL": config.FORCE_SSL,
},
}))