Merge pull request #37 from Lyla-Fischer/session_cookie

removed requirement for security from session cookie
2024-11-22 17:47:08 +03:00 · 2013-10-28 13:14:30 -07:00 · 2013-10-28 13:14:30 -07:00 · 66e48fec78
commit 66e48fec78
parent 6b14e33073 32b6598f15
2 changed files with 2 additions and 2 deletions
--- a/{{cookiecutter.repo_name}}/README.rst
+++ b/{{cookiecutter.repo_name}}/README.rst
@ -30,7 +30,7 @@ DJANGO_SECURE_CONTENT_TYPE_NOSNIFF      SECURE_CONTENT_TYPE_NOSNIFF n/a
 DJANGO_SECURE_FRAME_DENY                SECURE_FRAME_DENY           n/a                                         True
 DJANGO_SECURE_HSTS_INCLUDE_SUBDOMAINS   HSTS_INCLUDE_SUBDOMAINS     n/a                                         True
 DJANGO_SESSION_COOKIE_HTTPONLY          SESSION_COOKIE_HTTPONLY     n/a                                         True
-DJANGO_SESSION_COOKIE_SECURE            SESSION_COOKIE_SECURE       n/a                                         True
+DJANGO_SESSION_COOKIE_SECURE            SESSION_COOKIE_SECURE       n/a                                         False
 ======================================= =========================== =========================================== ===========================================

 * TODO: Add vendor-added settings in another table
--- a/{{cookiecutter.repo_name}}/{{cookiecutter.repo_name}}/config/settings.py
+++ b/{{cookiecutter.repo_name}}/{{cookiecutter.repo_name}}/config/settings.py
@ -318,7 +318,7 @@ class Production(Common):
    SECURE_FRAME_DENY = values.BooleanValue(True)
    SECURE_CONTENT_TYPE_NOSNIFF = values.BooleanValue(True)
    SECURE_BROWSER_XSS_FILTER = values.BooleanValue(True)
-    SESSION_COOKIE_SECURE = values.BooleanValue(True)
+    SESSION_COOKIE_SECURE = values.BooleanValue(False)
    SESSION_COOKIE_HTTPONLY = values.BooleanValue(True)
    SECURE_SSL_REDIRECT = values.BooleanValue(True)
    ########## end django-secure