From 6c6b0b161caa31c2ba4ce45e715d0324ebf22e41 Mon Sep 17 00:00:00 2001
From: Florent Daigniere
Date: Sat, 6 Nov 2021 10:45:59 +0100
Subject: [PATCH] Set the right flags on the rate_limit cookie

---
 core/admin/mailu/sso/views/base.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/core/admin/mailu/sso/views/base.py b/core/admin/mailu/sso/views/base.py
index fbee52a7..c11c588a 100644
--- a/core/admin/mailu/sso/views/base.py
+++ b/core/admin/mailu/sso/views/base.py
@@ -38,7 +38,7 @@ def login():
 flask.session.regenerate()
 flask_login.login_user(user)
 response = flask.redirect(destination)
- response.set_cookie('rate_limit', utils.limiter.device_cookie(username), max_age=31536000, path=flask.url_for('sso.login'))
+ response.set_cookie('rate_limit', utils.limiter.device_cookie(username), max_age=31536000, path=flask.url_for('sso.login'), secure=True, httponly=True)
 flask.current_app.logger.info(f'Login succeeded for {username} from {client_ip}.')
 return response
 else:
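Review bot: The new `set_cookie` call still leaves `samesite` unset, so the `rate_limit` device cookie gets whatever default the browser applies; since the cookie is scoped to `sso.login` and only ever needs to accompany a same-origin login request, adding `samesite='Strict'` alongside `secure=True, httponly=True` completes the set of flags this commit is about (assuming the installed Werkzeug accepts the `samesite` keyword). Hardcoding `secure=True` is also worth a second look: if the project supports serving the SSO page over plain HTTP, browsers would never return the cookie and every login would be rate-limited as if from an unknown device — either document that TLS is required here or derive the flag from the app's `SESSION_COOKIE_SECURE` setting so the two cookies agree. `login()` begins before this hunk and its `else:` branch continues past it, so the failure path was not visible for review.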