Merge pull request #6735 from wenottingham/true-is-relative

Flip CSRF_COOKIE_SECURE docs. Reviewed-by: https://github.com/apps/softwarefactory-project-zuul
2026-01-11 01:57:35 -03:30 · 2020-04-16 21:09:20 +00:00 · 2020-04-16 21:09:20 +00:00 · 37491fa4b9
commit 37491fa4b9
parent f41852c3ee 11b1d0e84c
1 changed files with 1 additions and 1 deletions
--- a/docs/auth/session.md
+++ b/docs/auth/session.md
@ -14,7 +14,7 @@ hijack cookies will only get the `session_id` itself, which does not imply any c
 a limited time, and can be revoked at any time.

 > Note: The CSRF token will by default allow HTTP.  To increase security, the `CSRF_COOKIE_SECURE` setting should
-be set to False.  
+be set to True.


 ## Usage