Session cookie fix (#7133)

* Make session cookie insecure by default * Update docs
2025-06-14 02:55:41 +00:00 · 2024-04-29 20:49:35 +10:00
parent 3f879f047d
commit 477da1fa65
2 changed files with 4 additions and 1 deletions
--- a/src/backend/InvenTree/InvenTree/settings.py
+++ b/src/backend/InvenTree/InvenTree/settings.py
@ -1110,8 +1110,10 @@ if (
 CSRF_HEADER_NAME = 'HTTP_X_CSRFTOKEN'
 CSRF_COOKIE_NAME = 'csrftoken'
 CSRF_COOKIE_SAMESITE = 'Lax'
-SESSION_COOKIE_SECURE = True
 SESSION_COOKIE_SAMESITE = 'Lax'
+SESSION_COOKIE_SECURE = get_boolean_setting(
+    'INVENTREE_SESSION_COOKIE_SECURE', 'session_cookie_secure', False
+)

 USE_X_FORWARDED_HOST = get_boolean_setting(
    'INVENTREE_USE_X_FORWARDED_HOST',