chore: Update session and cookie configurations in web UI

Théophile Diot 2024-06-10 12:56:27 +01:00
parent 4075c95517
commit 4e3cc4c7a0
No known key found for this signature in database
GPG key ID: FA995104A0BA376A


@ -107,6 +107,13 @@ if not FLASK_SECRET:
FLASK_SECRET = TMP_DIR.joinpath(".flask_secret").read_text(encoding="utf-8").strip()
app.config["SECRET_KEY"] = FLASK_SECRET
app.config["SESSION_COOKIE_NAME"] = "__Host-bw_ui_session"
app.config["SESSION_COOKIE_PATH"] = "/"
app.config["SESSION_COOKIE_SECURE"] = True # Required for __Host- prefix
app.config["SESSION_COOKIE_HTTPONLY"] = True # Recommended for security
app.config["SESSION_COOKIE_SAMESITE"] = "Lax" # Or 'Strict' for stricter settings
app.config["PERMANENT_SESSION_LIFETIME"] = timedelta(minutes=30)
app.config["PREFERRED_URL_SCHEME"] = "https"
login_manager = LoginManager()
login_manager.session_protection = "strong"
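Review bot: The new `SESSION_COOKIE_*` settings harden only Flask's session cookie; the Flask-Login remember-me cookie issued through the `LoginManager` created just below them takes its attributes from the separate `REMEMBER_COOKIE_*` keys, which this hunk leaves at their defaults. If any login path calls `login_user(..., remember=True)` (not visible here), that cookie would be sent without `Secure` or `SameSite`, so I would add `app.config["REMEMBER_COOKIE_SECURE"] = True` and `app.config["REMEMBER_COOKIE_SAMESITE"] = "Lax"` next to the session settings. The `__Host-` prefix also requires that no `Domain` attribute is emitted, so a short comment such as `# __Host- also needs SESSION_COOKIE_DOMAIN left unset` would stop a later change from silently breaking the cookie. This is module-level configuration, and the `if not FLASK_SECRET:` block it follows starts outside the hunk.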