dpgaspar pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/incubator-superset.git
The following commit(s) were added to refs/heads/master by this push:
new cff10eb Adding explicit Flask session cookie options to default
config (#8317)
cff10eb is described below
commit cff10ebfcbeaa374a323b866fda49730f3bb1dd4
Author: Craig Rueda <[email protected]>
AuthorDate: Sun Sep 29 16:11:22 2019 -0700
Adding explicit Flask session cookie options to default config (#8317)
* Adding explicit Flask session cookie options to default config
* Blacking
---
superset/config.py | 10 ++++++++++
1 file changed, 10 insertions(+)
diff --git a/superset/config.py b/superset/config.py
index fe348a1..79f723d 100644
--- a/superset/config.py
+++ b/superset/config.py
@@ -655,6 +655,16 @@ TALISMAN_CONFIG = {
"force_https_permanent": False,
}
+#
+# Flask session cookie options
+#
+# See https://flask.palletsprojects.com/en/1.1.x/security/#set-cookie-options
+# for details
+#
+SESSION_COOKIE_HTTPONLY = True # Prevent cookie from being read by frontend
JS?
+SESSION_COOKIE_SECURE = False # Prevent cookie from being transmitted over
non-tls?
+SESSION_COOKIE_SAMESITE = "Lax" # One of [None, 'Lax', 'Strict']
+
# URI to database storing the example data, points to
# SQLALCHEMY_DATABASE_URI by default if set to `None`
SQLALCHEMY_EXAMPLES_URI = None
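Review bot: `SESSION_COOKIE_SECURE = False` makes the shipped default one where the session cookie can be sent over plain HTTP, and the trailing comments on that line and on `SESSION_COOKIE_HTTPONLY` are phrased as questions, so an operator cannot tell what either value means or that the first should be overridden. I would turn both into statements, for example `# Hide the session cookie from frontend JavaScript` and `# Send the session cookie only over HTTPS; set to True whenever Superset is served over TLS`. The False default is presumably there so that plain-HTTP development setups keep working; if so, the comment should say that, because this file is commonly copied as a starting point for production configs. The `SESSION_COOKIE_SAMESITE` comment could also note that `None` in that list is the Python value (the attribute is omitted), not the string "None".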