Skip to content

Commit

Permalink
add attr for csrf
Browse files Browse the repository at this point in the history
  • Loading branch information
@crazyguitar
crazyguitar committed Sep 13, 2018
1 parent 8783cd1 commit adce474
Showing 1 changed file with 6 additions and 0 deletions.
6 changes: 6 additions & 0 deletions app.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -39,6 +39,11 @@ def find_key(token):
}
app = Flask(__name__)
app.config["SECRET_KEY"] = os.urandom(16)
app.config["SESSION_COOKIE_NAME"] = "__Secure-session"
app.config["SESSION_COOKIE_SAMESITE"] = "Strict"
app.config["CSRF_COOKIE_NAME"] = "__Secure-csrf-token"
app.config["CSRF_COOKIE_HTTPONLY"] = True
app.config["CSRF_COOKIE_SECURE"] = True
csrf = SeaSurf(app)
talisman = Talisman(app, force_https=False, content_security_policy=csp)

Expand All @@ -65,6 +70,7 @@ def index_redirection():
return send_from_directory(ROOT, "index.html")


@csrf.exempt
@app.route("/.well-known/acme-challenge/<token>")
def acme(token):
"""Find the acme-key from environment variable."""
Expand Down

0 comments on commit adce474

Please sign in to comment.