I am running a Flask app using uWSGI and Nginx. I want to make it compliant with PCI DSS. Running the scan gives the error Cookie Does Not Contain The "secure" Attribute. How do I set the secure attribute for cookies in Flask?
I have added the following line in my Nginx file but it didn't work.
proxy_cookie_path / "/; secure;";
Launch Google Chrome and go to either the WEB or CAWEB portal website. Press F12 on the keyboard to launch Developer Tools. Go to the Application tab -> Cookies (left panel) and ensure the Secure column is ticked.
Anybody can read the data in this cookie, but the server will know if the data has been tampered with. Because the data can be read by the browser, you should never store data that needs to be kept secret in Flask's built-in session! Now, start the server: python app.py.
Flask cookies
In Flask, set the cookie on the response object. Use the make_response() function to get the response object from the return value of the view function. After that, the cookie is stored using the set_cookie() function of the response object. It is easy to read back cookies.
The secure flag for Flask's session cookie can be enabled in the Flask configuration.
SESSION_COOKIE_SECURE = True
To set it for other cookies, pass the secure flag to response.set_cookie.
response = app.make_response('<p>Hello, World!</p>')
response.set_cookie('name', 'World', secure=True)
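
The answer above fixes each cookie where it is set. As an added example (not from the original post or from Flask itself), the WSGI middleware below logs and repairs any cookie that still leaves the application without Secure, which is the condition the scanner reports. ForceSecureCookies, has_secure, demo_app and collect_cookies are hypothetical names, and demo_app is a constructed stand-in for the Flask app.

```python
import logging
from wsgiref.util import setup_testing_defaults

log = logging.getLogger("cookie_audit")


def has_secure(set_cookie_value):
    """True if a Set-Cookie header value carries the Secure attribute."""
    # Attributes follow the first ';' and are case-insensitive, so a cookie
    # literally named "secure" (first segment) does not count.
    attrs = set_cookie_value.split(";")[1:]
    return any(a.strip().lower() == "secure" for a in attrs)


class ForceSecureCookies:
    """Wrap a WSGI app and append Secure to every cookie that lacks it."""

    def __init__(self, app):
        self.app = app

    def __call__(self, environ, start_response):
        def patched_start(status, headers, exc_info=None):
            fixed = []
            for name, value in headers:
                if name.lower() == "set-cookie" and not has_secure(value):
                    # Log the cookie name so the code that set it can be fixed.
                    log.warning("cookie %r lacked Secure", value.split("=", 1)[0])
                    value = value.rstrip("; ") + "; Secure"
                fixed.append((name, value))
            return start_response(status, fixed, exc_info)
        return self.app(environ, patched_start)


def demo_app(environ, start_response):
    """Constructed sample app: one compliant cookie, one without Secure."""
    start_response("200 OK", [
        ("Content-Type", "text/plain"),
        ("Set-Cookie", "session=abc; HttpOnly; Path=/; Secure"),
        ("Set-Cookie", "name=World; Path=/"),
    ])
    return [b"ok"]


def collect_cookies(app):
    """Call a WSGI app once and return its Set-Cookie header values."""
    seen, environ = [], {}
    setup_testing_defaults(environ)
    list(app(environ, lambda status, headers, exc_info=None: seen.extend(
        v for k, v in headers if k.lower() == "set-cookie")))
    return seen
```

In a Flask app this is wired as app.wsgi_app = ForceSecureCookies(app.wsgi_app). Browsers only send Secure cookies back over HTTPS, so the site has to be served over TLS for sessions to keep working.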