make current_user ck secure and httponly

2026-02-15 10:10:01 -03:30 · 2018-11-20 10:13:53 -05:00
parent d7a28dcea4
commit 05d988349c
3 changed files with 10 additions and 6 deletions
--- a/awx/api/generics.py
+++ b/awx/api/generics.py
@@ -92,8 +92,7 @@ class LoggedLoginView(auth_views.LoginView):
            current_user = UserSerializer(self.request.user)
            current_user = JSONRenderer().render(current_user.data)
            current_user = urllib.quote('%s' % current_user, '')
-            ret.set_cookie('current_user', current_user)
-
+            ret.set_cookie('current_user', current_user, secure=settings.SESSION_COOKIE_SECURE or None)
            return ret
        else:
            ret.status_code = 401