From 7f2b18e656f42b0595f61cba08e6ff18f3144e82 Mon Sep 17 00:00:00 2001
From: Maciej Tronowski
Date: Tue, 1 Sep 2015 16:02:06 +0200
Subject: [PATCH] set csrf cookie as httponly
---
 plgng/settings_common.py | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/plgng/settings_common.py b/plgng/settings_common.py
index 337f557..a2b39fe 100644
--- a/plgng/settings_common.py
+++ b/plgng/settings_common.py
@@ -111,6 +111,9 @@ SESSION_COOKIE_AGE = 60 * 60 * 24 * 6 # 6 days, length of user proxy from openi
 SESSION_SERIALIZER = 'django.contrib.sessions.serializers.PickleSerializer'
+CSRF_COOKIE_HTTPONLY = True
+
+
 # 3-rd party settings
 BOOTSTRAP3 = {
-- 
1.7.9.5
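Review bot: The added `CSRF_COOKIE_HTTPONLY = True` has no comment explaining its one operational consequence: scripts can no longer read the `csrftoken` cookie, so any AJAX code that pulls the token from `document.cookie` will start failing CSRF validation and must read it from the rendered page instead. I would add `# HttpOnly: JS cannot read csrftoken; AJAX must take the token from the page ({% csrf_token %})` above it. If the site is served only over HTTPS (not visible in this hunk), `CSRF_COOKIE_SECURE = True` belongs next to it, since HttpOnly alone does not keep the cookie off plaintext connections. Separately, the context line just above keeps `PickleSerializer` for sessions, so anyone able to forge or write session data gets code execution on load. How exposed that is depends on `SESSION_ENGINE`, which is outside this hunk, but it deserves a follow-up to move to the JSON serializer.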