Adding explicit Flask session cookie options to default config (#8317)

* Adding explicit Flask session cookie options to default config

* Blacking
Craig Rueda 2019-09-29 16:11:22 -07:00 committed by Daniel Vaz Gaspar
parent d59e0c4641
commit cff10ebfcb
1 changed files with 10 additions and 0 deletions


@ -655,6 +655,16 @@ TALISMAN_CONFIG = {
"force_https_permanent": False,
}
#
# Flask session cookie options
#
# See https://flask.palletsprojects.com/en/1.1.x/security/#set-cookie-options
# for details
#
SESSION_COOKIE_HTTPONLY = True # Prevent cookie from being read by frontend JS?
SESSION_COOKIE_SECURE = False # Prevent cookie from being transmitted over non-tls?
SESSION_COOKIE_SAMESITE = "Lax" # One of [None, 'Lax', 'Strict']
# URI to database storing the example data, points to
# SQLALCHEMY_DATABASE_URI by default if set to `None`
SQLALCHEMY_EXAMPLES_URI = None
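Review bot: `SESSION_COOKIE_SECURE = False` is the shipped default, so a deployment that never overrides it will send the session cookie over plain HTTP, and the trailing comment, phrased as a question, does not say so. I would state the consequence and the expected production value in the comment, e.g. `SESSION_COOKIE_SECURE = False  # Set to True when served only over HTTPS; False allows the session cookie over plain HTTP`. The question marks on the `SESSION_COOKIE_HTTPONLY` and `SESSION_COOKIE_SECURE` comments read as if the behaviour were uncertain; plain statements would be clearer. For `SESSION_COOKIE_SAMESITE`, the unquoted `None` in the list is presumably the Python value (attribute omitted) rather than the string `'None'`, and the comment could say that explicitly.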