From 02bdaea76a535ae994e2057f0b8890a5e355b498 Mon Sep 17 00:00:00 2001
From: Garret Wassermann
Date: Mon, 27 Sep 2021 23:19:06 -0400
Subject: [PATCH] Add security warning to comments of demodesk about using secure cookies
---
 demo/demodesk/config/settings.py | 12 ++++++++++++
 1 file changed, 12 insertions(+)
diff --git a/demo/demodesk/config/settings.py b/demo/demodesk/config/settings.py
index 5c65d03a..7914d648 100644
--- demo/demodesk/config/settings.py
+++ b/demo/demodesk/config/settings.py
@@ -25,6 +25,18 @@ DEBUG = True
 ALLOWED_HOSTS = []
+# SECURITY WARNING: you probably want to configure your server
+# to use HTTPS with secure cookies, then you'd want to set
+# the following settings:
+#
+#SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https')
+#SESSION_COOKIE_SECURE = True
+#CSRF_COOKIE_SECURE = True
+#
+# We leave them commented out here because most likely for
+# an internal demo you don't need such security, but please
+# remember when setting up your own development / production server!
+
 # Application definition
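Review bot: The commented-out `SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https')` line in the added comment block is offered without the precondition that makes it safe. Django uses that header to decide whether a request counts as secure, so it should only be enabled behind a reverse proxy that strips any client-supplied `X-Forwarded-Proto` and sets its own value; on a directly reachable server a plain-HTTP client could otherwise be treated as HTTPS. I would add a line above it such as `# Only enable SECURE_PROXY_SSL_HEADER behind a proxy that strips and re-sets X-Forwarded-Proto.` It is also worth one more comment line saying that `SESSION_COOKIE_SECURE` and `CSRF_COOKIE_SECURE` require the site to be served over HTTPS, since with them set the browser will not send those cookies over plain HTTP and logins will appear broken.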