From: Michael Tremer <michael.tremer@ipfire.org>
Date: Thu, 15 Feb 2024 16:12:58 +0000 (+0000)
Subject: web: Set secure attribute for XSRF cookie
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=a510f87dd5a675b10d9694aaaa78be7103a458e9;p=ipfire.org.git

web: Set secure attribute for XSRF cookie

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
---

diff --git a/src/web/__init__.py b/src/web/__init__.py
index 3ca6d73d..0ea16fcd 100644
--- a/src/web/__init__.py
+++ b/src/web/__init__.py
@@ -41,6 +41,9 @@ class Application(tornado.web.Application):
 
 			# Enable XSRF cookies
 			"xsrf_cookies" : True,
+			"xsrf_cookie_kwargs" : {
+				"secure" : True,
+			},
 
 			# Login
 			"login_url" : "/login",