set cookie attributes for security

commit111 · commit111 · commit 2711a0c9279e · 2024-12-18T11:15:19.000-08:00
diff --git a/app/app.py b/app/app.py
@@ -7,6 +7,9 @@
 import os
 
 app.config['SECRET_KEY'] = os.getenv('SECRET_KEY')
+app.config['SESSION_COOKIE_HTTPONLY'] = True
+app.config['SESSION_COOKIE_SECURE'] = bool(os.getenv('SESSION_COOKIE_SECURE'))
+
 csrf = CSRFProtect(app)
 
 @app.route('/', methods=['GET', 'POST'])
diff --git a/compose.dev.yaml b/compose.dev.yaml
@@ -11,6 +11,7 @@ services:
     environment:
       FLASK_APP: app.py
       SECRET_KEY: supersecret
+      SESSION_COOKIE_SECURE: 0
       OPENAI_API_KEY: ${OPENAI_API_KEY} # Set your OpenAI API key here or in the .env file
     command: flask run --host=0.0.0.0
     deploy:
diff --git a/compose.yaml b/compose.yaml
@@ -14,6 +14,7 @@ services:
     environment:
       FLASK_APP: app.py
       SECRET_KEY: 
+      SESSION_COOKIE_SECURE: 1
       OPENAI_API_KEY: ${OPENAI_API_KEY} # Set your OpenAI API key here or in the .env file
     command: uwsgi --http 0.0.0.0:5000 --wsgi-file app.py --callable app --processes 4 --threads 2
     deploy:
