From 32b6598f1522e9631c35d1ec98083bea212c251d Mon Sep 17 00:00:00 2001
From: Lyla Fischer
Date: Mon, 28 Oct 2013 14:57:28 -0400
Subject: [PATCH] removed requirement for security from session cookie
---
 {{cookiecutter.repo_name}}/README.rst | 2 +-
 .../{{cookiecutter.repo_name}}/config/settings.py | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/{{cookiecutter.repo_name}}/README.rst b/{{cookiecutter.repo_name}}/README.rst
index c3007886..6439a4af 100644
--- a/{{cookiecutter.repo_name}}/README.rst
+++ b/{{cookiecutter.repo_name}}/README.rst
@@ -30,7 +30,7 @@ DJANGO_SECURE_CONTENT_TYPE_NOSNIFF SECURE_CONTENT_TYPE_NOSNIFF n/a
 DJANGO_SECURE_FRAME_DENY SECURE_FRAME_DENY n/a True
 DJANGO_SECURE_HSTS_INCLUDE_SUBDOMAINS HSTS_INCLUDE_SUBDOMAINS n/a True
 DJANGO_SESSION_COOKIE_HTTPONLY SESSION_COOKIE_HTTPONLY n/a True
-DJANGO_SESSION_COOKIE_SECURE SESSION_COOKIE_SECURE n/a True
+DJANGO_SESSION_COOKIE_SECURE SESSION_COOKIE_SECURE n/a False
 ======================================= =========================== =========================================== ===========================================
 * TODO: Add vendor-added settings in another table
diff --git a/{{cookiecutter.repo_name}}/{{cookiecutter.repo_name}}/config/settings.py b/{{cookiecutter.repo_name}}/{{cookiecutter.repo_name}}/config/settings.py
index 446f26ef..e7b1c7c0 100644
--- a/{{cookiecutter.repo_name}}/{{cookiecutter.repo_name}}/config/settings.py
+++ b/{{cookiecutter.repo_name}}/{{cookiecutter.repo_name}}/config/settings.py
@@ -318,7 +318,7 @@ class Production(Common):
 SECURE_FRAME_DENY = values.BooleanValue(True)
 SECURE_CONTENT_TYPE_NOSNIFF = values.BooleanValue(True)
 SECURE_BROWSER_XSS_FILTER = values.BooleanValue(True)
- SESSION_COOKIE_SECURE = values.BooleanValue(True)
+ SESSION_COOKIE_SECURE = values.BooleanValue(False)
 SESSION_COOKIE_HTTPONLY = values.BooleanValue(True)
 SECURE_SSL_REDIRECT = values.BooleanValue(True)
 ########## end django-secure
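Review bot: The new `SESSION_COOKIE_SECURE = values.BooleanValue(False)` default in `class Production` means every project generated from this template issues its session cookie without the Secure attribute, while `SECURE_SSL_REDIRECT = values.BooleanValue(True)` two lines below still assumes an HTTPS deployment. A browser will then attach the session ID to any plain-HTTP request it makes to the site, including the one that only gets redirected, where it can be read on the network. Because the setting is a `values.BooleanValue`, and the README table pairs it with `DJANGO_SESSION_COOKIE_SECURE`, a deployment without TLS can presumably opt out through that environment variable, so I would keep the production default as `SESSION_COOKIE_SECURE = values.BooleanValue(True)`. If `False` has to stay, add a comment above the line such as `# Session cookie is sent over plain HTTP; set DJANGO_SESSION_COOKIE_SECURE=True once TLS is in place`. The body of `Production` begins and continues outside this hunk, so other settings there may bear on this.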