Could probably piggyback SESSION_COOKIE_SECURE if you wanted.
https://github.com/mozilla/django-session-csrf/commit/e47cb576 It was already httponly, now it's secure if the request looks secure.
Status: NEW → RESOLVED
Last Resolved: 7 years ago
Resolution: --- → FIXED
verified @ https://addons-next.allizom.org/en-US/firefox/users/edit See post-fix screenshot.
Status: RESOLVED → VERIFIED
Product: addons.mozilla.org → addons.mozilla.org Graveyard
You need to log in before you can comment on or make changes to this bug.