make session cookie secure, so it's only sent over https. (#1982)

votingworks · Oct 6, 2024 · eab7322 · eab7322
1 parent 5c4bb29
commit eab7322
Showing 1 changed file with 1 addition and 0 deletions.
diff --git a/server/app.py b/server/app.py
@@ -30,6 +30,7 @@
     app,
     force_https_permanent=True,
     session_cookie_http_only=True,
+    session_cookie_secure=True,
     feature_policy="camera 'none'; microphone 'none'; geolocation 'none'",
     # TODO: Configure webpack to use a nonce: https://webpack.js.org/guides/csp/.
     content_security_policy={