tighten session cookie security

This commit is contained in:
rimu 2024-03-21 11:07:11 +13:00
parent 097d37d7e0
commit c562202588
2 changed files with 6 additions and 2 deletions


@ -579,8 +579,8 @@ class User(UserMixin, db.Model):
def num_content(self): def num_content(self):
content = 0 content = 0
content += db.session.execute(text('SELECT COUNT(id) as c FROM "post" WHERE user_id = ' + str(self.id))).scalar() content += db.session.execute(text('SELECT COUNT(id) as c FROM "post" WHERE user_id = :user_id'), {'user_id': self.id}).scalar()
content += db.session.execute(text('SELECT COUNT(id) as c FROM "post_reply" WHERE user_id = ' + str(self.id))).scalar() content += db.session.execute(text('SELECT COUNT(id) as c FROM "post_reply" WHERE user_id = :user_id'), {'user_id': self.id}).scalar()
return content return content
def is_local(self): def is_local(self):
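Review bot: `num_content` still carries no docstring, so the parameterized count queries on the two changed lines read as bare SQL; suggest adding `"""Return the number of posts and post replies authored by this user."""` directly under the `def` line. Both statements bind `:user_id` the same way, so the two round trips could be folded into one statement with a pair of scalar subqueries, e.g. `SELECT (SELECT COUNT(id) FROM "post" WHERE user_id = :user_id) + (SELECT COUNT(id) FROM "post_reply" WHERE user_id = :user_id)` executed once with the same bind dict; a small win that keeps the behaviour identical. The page shows only this method, so whether other raw `text(...)` queries in the model still splice `str(self.id)` into the SQL cannot be seen here and is worth a check in the rest of the file.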


@ -42,3 +42,7 @@ class Config(object):
SENTRY_DSN = os.environ.get('SENTRY_DSN') or None SENTRY_DSN = os.environ.get('SENTRY_DSN') or None
AWS_REGION = os.environ.get('AWS_REGION') or None AWS_REGION = os.environ.get('AWS_REGION') or None
SESSION_COOKIE_SECURE = True
SESSION_COOKIE_HTTPONLY = True
SESSION_COOKIE_SAMESITE = 'Lax'
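Review bot: The three new `SESSION_COOKIE_*` settings only govern Flask's own session cookie, while the `User(UserMixin, ...)` model in the other file shows Flask-Login is in use, whose separate remember-me cookie is not affected by them; consider adding `REMEMBER_COOKIE_SECURE = True`, `REMEMBER_COOKIE_HTTPONLY = True` and `REMEMBER_COOKIE_SAMESITE = 'Lax'` next to these lines so both cookies carry the same flags. `SESSION_COOKIE_SECURE = True` is hard-coded while the neighbouring settings are read from `os.environ`; if anyone runs this over plain HTTP on a non-localhost hostname the browser will drop the cookie, so an environment override (defaulting to `True`) in the same style as `SENTRY_DSN` would match the file's convention. A one-line comment above the block such as `# Session cookie hardening: only sent over TLS, not readable from JS, not attached to cross-site requests` would record the intent. The hunk header reports four added lines but only three are visible here, so a fourth line may sit outside this view.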