From a510f87dd5a675b10d9694aaaa78be7103a458e9 Mon Sep 17 00:00:00 2001
From: Michael Tremer <michael.tremer@ipfire.org>
Date: Thu, 15 Feb 2024 16:12:58 +0000
Subject: [PATCH] web: Set secure attribute for XSRF cookie

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
---
 src/web/__init__.py | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/src/web/__init__.py b/src/web/__init__.py
index 3ca6d73d..0ea16fcd 100644
--- a/src/web/__init__.py
+++ b/src/web/__init__.py
@@ -41,6 +41,9 @@ class Application(tornado.web.Application):
 
 			# Enable XSRF cookies
 			"xsrf_cookies" : True,
+			"xsrf_cookie_kwargs" : {
+				"secure" : True,
+			},
 
 			# Login
 			"login_url" : "/login",
-- 
2.47.2