Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Related to #980
Problem
I deployed Re:dash to HTTPS environment and set
REDASH_ENFORCE_COOKIE=true
.Then I noticed that it returns weird session cookie.
It contains both of
Secure
andHttpOnly
.Solution
Flask has a configuration named
SESSION_COOKIE_HTTPONLY
.http://flask.pocoo.org/docs/0.10/config/
I think it should always be inverse of
SESSION_COOKIE_SECURE
.With this change, now Re:dash returns session cookie correctly.
Please review, thanks!