Merge pull request #290 from SELab-2/cookies/secure

secure cookies in env file
SELab-2 · May 21, 2023 · ffd2174 · ffd2174
2 parents 0a45129 + d4921cc
commit ffd2174
Show file tree

Hide file tree

Showing 2 changed files with 3 additions and 2 deletions.
diff --git a/backend/backend/.env.example b/backend/backend/.env.example
@@ -6,4 +6,5 @@ DB_PORT=5432
 EMAIL=[email protected]
 EMAIL_PASSWORD=my_app_password
 DEBUG_MODE=True
-SECRET_KEY=django-insecure-mz0gymvj@n5wl2p0yau(vj0e3jdx_wok78+ead*=p4)$w)g5(z
+SECRET_KEY=django-insecure-mz0gymvj@n5wl2p0yau(vj0e3jdx_wok78+ead*=p4)$w)g5(z
+SECURE_COOKIES=True
diff --git a/backend/backend/settings.py b/backend/backend/settings.py
@@ -216,7 +216,7 @@
     'AUTH_COOKIE': 'access_token',  # Cookie name. Enables cookies if value is set.
     'REFRESH_COOKIE': 'refresh',
     'AUTH_COOKIE_DOMAIN': None,  # A string like "example.com", or None for standard domain cookie.
-    'AUTH_COOKIE_SECURE': False,  # Whether the auth cookies should be secure (https:// only). TODO TRUE FOR PRODUCTION
+    'AUTH_COOKIE_SECURE': env.get_value('SECURE_COOKIES', bool, False),  # Whether the auth cookies should be secure (https:// only).
     'AUTH_COOKIE_HTTP_ONLY': True,  # Http only cookie flag.It's not fetch by javascript.
     'AUTH_COOKIE_PATH': '/',  # The path of the auth cookie.
     'AUTH_COOKIE_SAMESITE': 'Lax',