This is an automated email from the ASF dual-hosted git repository. wave pushed a commit to branch session-cookie-security in repository https://gitbox.apache.org/repos/asf/tooling-trusted-releases.git
commit 67a19c5c23245d57e0b54adc149597d7f5a3bacf
Author: Dave Fisher <[email protected]>
AuthorDate: Wed Jan 21 15:21:37 2026 -0800
Configure session cookie security attributes
---
atr/config.py | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/atr/config.py b/atr/config.py
index f63047f..ea8fd40 100644
--- a/atr/config.py
+++ b/atr/config.py
@@ -114,6 +114,12 @@ class AppConfig:
 # Chunk size for reading files during extraction
 EXTRACT_CHUNK_SIZE: int = decouple.config("EXTRACT_CHUNK_SIZE", default=4 * _MB, cast=int)
 
+ # session cookie security
+ SESSION_COOKIE_SECURE = True
+ SESSION_COOKIE_HTTPONLY = True
+ SESSION_COOKIE_SAMESITE = "Lax"
+ SESSION_COOKIE_NAME = "__Host-session"
+
 # FIXME: retrieve the list of admin users from LDAP or oath session / isRoot
 ADMIN_USERS_ADDITIONAL = decouple.config("ADMIN_USERS_ADDITIONAL", default="", cast=str)
 ADMIN_USERS = frozenset(
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
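Review bot: `SESSION_COOKIE_NAME = "__Host-session"` depends on cookie attributes that the added block does not pin. Browsers store a `__Host-` cookie only when it is Secure, has `Path=/` and carries no `Domain` attribute; only the first is set here, so the other two rest on framework defaults, and a later path or domain override would make the browser silently drop the session cookie. I would add `SESSION_COOKIE_PATH = "/"` and `SESSION_COOKIE_DOMAIN = None` beside the new settings and widen the comment to `# session cookie security: the __Host- prefix requires Secure, Path=/ and no Domain`. The hunk does not show how `AppConfig` is handed to the web framework, so it is worth confirming these keys are actually applied to the session cookie, and that any plain-HTTP development setup still gets a session now that `Secure` is unconditional. The `AppConfig` class body starts and continues outside the hunk.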
