Turn on secure cookie support if the server os environment expects to use secure connections

2024-11-22 07:53:19 +01:00 · 2021-09-27 22:12:32 -04:00 · 2021-09-27 22:12:32 -04:00 · 166d552fba
commit 166d552fba
parent e8efa4d263
1 changed files with 8 additions and 0 deletions
--- a/helpdesk/settings.py
+++ b/helpdesk/settings.py
@ -5,6 +5,7 @@ Default settings for django-helpdesk.
 import warnings
 from django.conf import settings
 from django.core.exceptions import ImproperlyConfigured
+import os

 DEFAULT_USER_SETTINGS = {
    'login_view_ticketlist': True,
@ -22,6 +23,13 @@ except AttributeError:

 HAS_TAG_SUPPORT = False

+# check for secure cookie support
+if os.environ.get('SECURE_PROXY_SSL_HEADER'):
+    SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https')
+
+    SESSION_COOKIE_SECURE = True
+    CSRF_COOKIE_SECURE = True
+
 ##########################################
 # generic options - visible on all pages #
 ##########################################