Merge pull request #3910 from airqo-platform/website2-backend5

website-backend: CSRF ISSUE
airqo-platform · Nov 25, 2024 · d205505 · d205505
2 parents 728eb1e + 4428a64
commit d205505
Showing 1 changed file with 3 additions and 1 deletion.
diff --git a/src/website/core/settings.py b/src/website/core/settings.py
@@ -88,8 +88,10 @@ def parse_env_list(env_var, default=""):
 CORS_ORIGIN_REGEX_WHITELIST = parse_env_list("CORS_ORIGIN_REGEX_WHITELIST")
 CSRF_TRUSTED_ORIGINS = parse_env_list("CSRF_TRUSTED_ORIGINS")
 
+
 # Only allow CSRF cookie over HTTPS in production
-CSRF_COOKIE_SECURE = not DEBUG
+CSRF_COOKIE_SECURE = True
+SESSION_COOKIE_SECURE = True
 
 # Root URL configuration
 ROOT_URLCONF = 'core.urls'