Commit 5ca2cea

Closes #20222: Enable HttpOnly flag for the CSRF cookie (#20262)
1 parent 026737b commit 5ca2cea

1 file changed

+1
-0
lines changed

netbox/netbox/settings.py

Lines changed: 1 addition & 0 deletions
@@ -84,6 +84,7 @@
8484
CORS_ORIGIN_WHITELIST = getattr(configuration, 'CORS_ORIGIN_WHITELIST', [])
8585
CSRF_COOKIE_NAME = getattr(configuration, 'CSRF_COOKIE_NAME', 'csrftoken')
8686
CSRF_COOKIE_PATH = f'/{BASE_PATH.rstrip("/")}'
87+
CSRF_COOKIE_HTTPONLY = True
8788
CSRF_COOKIE_SECURE = getattr(configuration, 'CSRF_COOKIE_SECURE', False)
8889
CSRF_TRUSTED_ORIGINS = getattr(configuration, 'CSRF_TRUSTED_ORIGINS', [])
8990
DATA_UPLOAD_MAX_MEMORY_SIZE = getattr(configuration, 'DATA_UPLOAD_MAX_MEMORY_SIZE', 2621440)
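
Review bot: the added line `CSRF_COOKIE_HTTPONLY = True` is hard-coded, while the settings around it (`CSRF_COOKIE_NAME`, `CSRF_COOKIE_SECURE`, `CSRF_TRUSTED_ORIGINS`) are all read from `configuration` with `getattr`, so a deployment has no way to override it. If that is intentional, a one-line comment saying the flag is deliberately not configurable would prevent a later "fix"; otherwise `getattr(configuration, 'CSRF_COOKIE_HTTPONLY', True)` keeps the secure default and matches the neighbouring lines. Also worth confirming before merge: with HttpOnly set, client-side JavaScript can no longer read the `csrftoken` cookie, so any front-end request code that takes the token from `document.cookie` has to read it from the rendered page (the `csrfmiddlewaretoken` form field) instead. Nothing in this one-line change shows that such callers were checked.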
