From: Maciej Tronowski <mtro@man.poznan.pl>
Date: Tue, 1 Sep 2015 14:02:06 +0000 (+0200)
Subject: set csrf cookie as httponly
X-Git-Tag: v1.1~32
X-Git-Url: http://mmka.chem.univ.gda.pl/gitweb/?a=commitdiff_plain;h=7f2b18e656f42b0595f61cba08e6ff18f3144e82;p=qcg-portal.git

set csrf cookie as httponly
---

diff --git a/plgng/settings_common.py b/plgng/settings_common.py
index 337f557..a2b39fe 100644
--- a/plgng/settings_common.py
+++ b/plgng/settings_common.py
@@ -111,6 +111,9 @@ SESSION_COOKIE_AGE = 60 * 60 * 24 * 6  # 6 days, length of user proxy from openi
 SESSION_SERIALIZER = 'django.contrib.sessions.serializers.PickleSerializer'
 
 
+CSRF_COOKIE_HTTPONLY = True
+
+
 # 3-rd party settings
 
 BOOTSTRAP3 = {