BhagavadGita icon indicating copy to clipboard operation
BhagavadGita copied to clipboard

improving set_cookie security

Open daghan opened this issue 5 years ago • 0 comments

Hi there,

We have a free program analysis tool for Python 3 web projects, called Bento. While we were scanning GitHub projects for issues, it triggered a warning for the set_cookie method on your app. Looks like you use cookies for user settings (not auth) so perhaps it is no big deal. But I don't think it does any harm to secure the cookies (it is 1-line change) and it prevents malicious actors from stealing settings cookies.

There were bunch of other warnings bento triggered on, but I didn't include them in this PR to keep it clean an simple. If you are curious, you can check it out yourself by downloading bento from https://bento.dev/

daghan avatar Dec 29 '19 14:12 daghan