admin/demo_partsERP
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Feat(Security):

Browse Source 
a. Update CORS settings
 b. Update session cookie settings
 c. Remove comments that expose project architecture (and that Claude made most of it :P)
This commit is contained in:
Teddy Middleton-Smith
2025-01-25 14:31:34 +00:00
parent fa7cee646a
commit 9ff01b9197
7 changed files with 22 additions and 87 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
config.py
View File

@@ -40,7 +40,8 @@ class Config:
# Auth0
SESSION_COOKIE_SECURE = True
SESSION_COOKIE_HTTPONLY = True
# SESSION_COOKIE_SAMESITE = 'Lax'
SESSION_COOKIE_SAMESITE = 'Strict'
REMEMBER_COOKIE_SECURE = True
# PERMANENT_SESSION_LIFETIME = 3600
WTF_CSRF_ENABLED = True
# WTF_CSRF_CHECK_DEFAULT = False # We'll check it manually for API routes