updating some default django settings

frePPLe · Jan 10, 2024 · 9b08654 · 9b08654
1 parent a98971a
commit 9b08654
Show file tree

Hide file tree

Showing 3 changed files with 11 additions and 7 deletions.
diff --git a/djangosettings.py b/djangosettings.py
@@ -489,7 +489,11 @@
 SESSION_COOKIE_AGE = 3600 * 24 * 3  # 3 days
 
 # Users are automatically logged out after this period of inactivity
-SESSION_LOGOUT_IDLE_TIME = 60 * 24 # minutes
+SESSION_LOGOUT_IDLE_TIME = 60 * 24  # minutes
+
+# Extra security settings for cookies when you use https
+# SESSION_COOKIE_SECURE = True
+# CSRF_COOKIE_SECURE = True
 
 MIDDLEWARE = (
     "django.contrib.sessions.middleware.SessionMiddleware",
@@ -689,9 +693,9 @@
                 "widgets": [
                     # ("archived_purchase_order", {"history": 12}),
                     ("inventory_by_location", {"limit": 5}),
-                    #("inventory_by_item", {"limit": 10}),
+                    # ("inventory_by_item", {"limit": 10}),
                 ],
-            }
+            },
         ],
     },
     {
@@ -721,15 +725,15 @@
                 "widgets": [
                     ("distribution_orders", {"fence1": 7, "fence2": 30}),
                     # ("shipping_queue",{"limit":20}),
-                    #("archived_buffer", {"history": 12}),
+                    # ("archived_buffer", {"history": 12}),
                 ],
             },
             {
                 "width": 4,
                 "widgets": [
                     ("archived_buffer", {"history": 12}),
                 ],
-            }
+            },
         ],
     },
 ]
@@ -768,7 +772,6 @@
 # Alternative: allow embedding in a specific domain
 #   CONTENT_SECURITY_POLICY = "frame-ancestors 'self' mydomain.com;"
 #   X_FRAME_OPTIONS = None
-#   SESSION_COOKIE_SAMESITE = "none"
 #   CSRF_COOKIE_SAMESITE = "none"
 
 # Configuration of the ftp/sftp/ftps server where to upload reports

diff --git a/doc/erp-integration/odoo-connector/installation-and-configuration.rst b/doc/erp-integration/odoo-connector/installation-and-configuration.rst
@@ -105,7 +105,7 @@ The section below describes the installation and configuration of these.
 
            CONTENT_SECURITY_POLICY = "frame-ancestors 'self' domain-of-your-odoo-server;"
            X_FRAME_OPTIONS = None
-           SESSION_COOKIE_SAMESITE = "none"            # NOTE: "none", not None
+           SESSION_COOKIE_SAMESITE = "Lax"
            CSRF_COOKIE_SAMESITE = "none"               # NOTE: "none", not None
 
   * **Configure parameters**

diff --git a/freppledb/settings.py b/freppledb/settings.py
@@ -324,6 +324,7 @@
 SESSION_EXPIRE_AT_BROWSER_CLOSE = (
     True  # Whether sessions expire when a user closes his browser.
 )
+SESSION_COOKIE_HTTPONLY = True
 
 # Users are automatically logged out after this period of inactivity
 SESSION_LOGOUT_IDLE_TIME = 60 * 24  # minutes