Support Secure setting for csrf & session cookies.

28edd148 · Bastien Abadie · d2c6fd8f · 28edd148 · 28edd148 · 28edd148
Commit 28edd148 authored 4 years ago by Bastien Abadie
--- a/arkindex/project/config.py
+++ b/arkindex/project/config.py
@@ -88,12 +88,14 @@ def get_settings_parser(base_dir):
    csrf_parser = parser.add_subparser('csrf', default={})
    csrf_parser.add_option('cookie_name', type=str, default='arkindex.csrf')
    csrf_parser.add_option('cookie_domain', type=str, default=None)
+    csrf_parser.add_option('cookie_secure', type=bool, default=False)
    csrf_parser.add_option('cookie_samesite', type=CookieSameSiteOption, default=CookieSameSiteOption.Lax)
    csrf_parser.add_option('trusted_origins', type=str, many=True, default=[])

    session_parser = parser.add_subparser('session', default={})
    session_parser.add_option('cookie_name', type=str, default='arkindex.auth')
    session_parser.add_option('cookie_domain', type=str, default=None)
+    session_parser.add_option('cookie_secure', type=bool, default=False)
    session_parser.add_option('cookie_samesite', type=CookieSameSiteOption, default=CookieSameSiteOption.Lax)

    cors_parser = parser.add_subparser('cors', default={})

--- a/arkindex/project/settings.py
+++ b/arkindex/project/settings.py
@@ -396,11 +396,13 @@ else:
 CSRF_COOKIE_NAME = conf['csrf']['cookie_name']
 CSRF_COOKIE_DOMAIN = conf['csrf']['cookie_domain']
 CSRF_COOKIE_SAMESITE = conf['csrf']['cookie_samesite'].value
+CSRF_COOKIE_SECURE = conf['csrf']['cookie_secure']
 CSRF_TRUSTED_ORIGINS = conf['csrf']['trusted_origins']

 SESSION_COOKIE_NAME = conf['session']['cookie_name']
 SESSION_COOKIE_DOMAIN = conf['session']['cookie_domain']
 SESSION_COOKIE_SAMESITE = conf['session']['cookie_samesite'].value
+SESSION_COOKIE_SECURE = conf['session']['cookie_secure']
 # Required for authentication over websockets
 SESSION_COOKIE_HTTPONLY = False


--- a/arkindex/project/tests/config_samples/defaults.yaml
+++ b/arkindex/project/tests/config_samples/defaults.yaml
@@ -16,6 +16,7 @@ csrf:
  cookie_domain: null
  cookie_name: arkindex.csrf
  cookie_samesite: lax
+  cookie_secure: false
  trusted_origins: []
 database:
  host: localhost
@@ -68,6 +69,7 @@ session:
  cookie_domain: null
  cookie_name: arkindex.auth
  cookie_samesite: lax
+  cookie_secure: false
 static:
  cdn_assets_url: null
  frontend_version: null

--- a/arkindex/project/tests/config_samples/override.yaml
+++ b/arkindex/project/tests/config_samples/override.yaml
@@ -18,6 +18,7 @@ csrf:
  cookie_domain: something.com
  cookie_name: csrfcookie
  cookie_samesite: strict
+  cookie_secure: true
  trusted_origins:
  - trust-no-one
 database:
@@ -83,6 +84,7 @@ session:
  cookie_domain: cookie-dolmen
  cookie_name: stonehenge
  cookie_samesite: false
+  cookie_secure: true
 static:
  cdn_assets_url: http://cdn.teklia.horse/
  frontend_version: 1.2.3-alpha4