fix dla xiastek not secure

2025-07-26 23:22:33 +02:00
parent bc6f64e546
commit 7e69610981
3 changed files with 19 additions and 7 deletions
--- a/app.py
+++ b/app.py
@@ -86,6 +86,8 @@ talisman = Talisman(
    content_security_policy=csp_policy,
    x_content_type_options=app.config.get("ENABLE_XCTO", True),
    strict_transport_security_include_subdomains=False,
+    referrer_policy=app.config.get("REFERRER_POLICY"),
+
 )

 register_heif_opener()  # pillow_heif dla HEIC
@@ -830,7 +832,12 @@ def system_auth():
            reset_failed_attempts(ip)
            resp = redirect(next_page)
            max_age = app.config.get("AUTH_COOKIE_MAX_AGE", 86400)
-            resp.set_cookie("authorized", AUTHORIZED_COOKIE_VALUE, max_age=max_age)
+            resp.set_cookie(
+                "authorized",
+                AUTHORIZED_COOKIE_VALUE,
+                max_age=max_age,
+                secure=request.is_secure
+            )
            return resp
        else:
            register_failed_attempt(ip)