From 981ef5b8173febd0b7cc2c840724a119338f3a6c Mon Sep 17 00:00:00 2001
From: Luke Granger-Brown
Date: Sat, 29 Jul 2017 17:02:12 +0100
Subject: [PATCH] Set session/CSRF cookies with secure flag. Part of #32.
---
 spongeauth/spongeauth/settings/prod.py | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/spongeauth/spongeauth/settings/prod.py b/spongeauth/spongeauth/settings/prod.py
index c4f270a6..35ae641e 100644
--- a/spongeauth/spongeauth/settings/prod.py
+++ b/spongeauth/spongeauth/settings/prod.py
@@ -14,6 +14,11 @@ DEFAULT_FROM_EMAIL = 'admin@spongepowered.org'
 SERVER_EMAIL = 'admin@spongepowered.org'
+SESSION_COOKIE_SECURE = True
+SESSION_COOKIE_HTTPONLY = True
+CSRF_COOKIE_SECURE = True
+CSRF_COOKIE_HTTPONLY = True
+
 EMAIL_BACKEND = 'django.core.mail.backends.smtp.EmailBackend'
 EMAIL_USE_TLS = True
 EMAIL_USE_SSL = False
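Review bot: `CSRF_COOKIE_HTTPONLY = True` in the added block hides the CSRF token from JavaScript, so any front-end code that reads the `csrftoken` cookie to set `X-CSRFToken` on AJAX requests would start failing in production only; Django's documentation also notes that this setting adds little practical protection, so confirm it is wanted and that scripts take the token from the rendered page instead. The two `*_COOKIE_SECURE` flags only keep the cookies off plaintext requests, so they depend on the site being HTTPS-only; `SECURE_SSL_REDIRECT`, `SECURE_HSTS_SECONDS` and (behind a TLS-terminating proxy) `SECURE_PROXY_SSL_HEADER` are not visible in this hunk and may be set elsewhere in the file. `SESSION_COOKIE_HTTPONLY` already defaults to `True` in Django, so that line only documents intent; a one-line comment such as `# Cookies are only sent over HTTPS and are not readable from JavaScript.` above the block would make that explicit.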