This is an automated email from the ASF dual-hosted git repository.
wave pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tooling-trusted-releases.git
The following commit(s) were added to refs/heads/main by this push:
new 1f62359 Configure session cookie security attributes (#574)
1f62359 is described below
commit 1f623598ef9df2679e87e443affb21d3b1964ecd
Author: Dave Fisher <[email protected]>
AuthorDate: Thu Jan 22 08:01:40 2026 -0800
Configure session cookie security attributes (#574)
---
atr/config.py | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/atr/config.py b/atr/config.py
index f63047f..ea8fd40 100644
--- a/atr/config.py
+++ b/atr/config.py
@@ -114,6 +114,12 @@ class AppConfig:
# Chunk size for reading files during extraction
EXTRACT_CHUNK_SIZE: int = decouple.config("EXTRACT_CHUNK_SIZE", default=4
* _MB, cast=int)
+ # session cookie security
+ SESSION_COOKIE_SECURE = True
+ SESSION_COOKIE_HTTPONLY = True
+ SESSION_COOKIE_SAMESITE = "Lax"
+ SESSION_COOKIE_NAME = "__Host-session"
+
# FIXME: retrieve the list of admin users from LDAP or oath session /
isRoot
ADMIN_USERS_ADDITIONAL = decouple.config("ADMIN_USERS_ADDITIONAL",
default="", cast=str)
ADMIN_USERS = frozenset(
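Review bot: The `__Host-` prefix in `SESSION_COOKIE_NAME` is only honoured by browsers when the cookie is sent with `Secure`, `Path=/` and no `Domain` attribute, and the added block pins only the first of those. Assuming these are Flask/Quart-style session settings, the path and domain fall back to defaults that other configuration or a subclass can change, in which case the browser drops the cookie and sessions fail without any server-side error. I would pin the remaining two next to the name, `SESSION_COOKIE_PATH = "/"` and `SESSION_COOKIE_DOMAIN = None`, and expand the comment to `# __Host- prefix requires Secure, Path=/ and no Domain; keep these four settings together`. The new attributes also lack the type annotations used on `EXTRACT_CHUNK_SIZE` just above. The `AppConfig` class body starts and ends outside this hunk, so any override of these values elsewhere is not visible here.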