disable http csrf cookie param so it can be sent via ajax for production

Oly 2017-03-20 13:41:59 +00:00
parent 8ec4cea078
commit 3dfdb9fc00
1 changed files with 2 additions and 1 deletions


@ -41,7 +41,8 @@ SESSION_COOKIE_SECURE = True
SESSION_COOKIE_HTTPONLY = True
#SECURE_SSL_REDIRECT = env.bool('DJANGO_SECURE_SSL_REDIRECT', default=True)
CSRF_COOKIE_SECURE = True
CSRF_COOKIE_HTTPONLY = True
#disabledd so csrf works with ajax
CSRF_COOKIE_HTTPONLY = False
X_FRAME_OPTIONS = 'DENY'
# SITE CONFIGURATION
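Review bot: The added comment `#disabledd so csrf works with ajax` (typo aside) does not record what `CSRF_COOKIE_HTTPONLY = False` gives up: the CSRF token in the cookie becomes readable by any script running on the page, while `SESSION_COOKIE_HTTPONLY = True` above still keeps the session cookie out of script reach. Django's documentation describes an alternative that leaves the flag on, which is to render the token with `{% csrf_token %}` and have the AJAX code read it from the DOM and send it in the `X-CSRFToken` header. If the cookie approach is kept, I would replace the comment with something like `# CSRF cookie must be readable by JS so AJAX requests can send X-CSRFToken; the session cookie stays HttpOnly.` so the next maintainer does not flip it back or assume it was an oversight. The surrounding settings block continues outside the hunk, so whether other production overrides touch this value cannot be checked from here.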