From 327200a4b0a667c83357d239fa07468c1bf9b97c Mon Sep 17 00:00:00 2001 From: PlexSheep Date: Mon, 9 Oct 2023 23:07:56 +0200 Subject: [PATCH] better legal info, but not complete --- gawa/gawa/settings.py | 5 ++ gawa/start/templates/base.html | 6 -- gawa/start/templates/start/legalinfo.html | 97 ++++++++++++++++------- 3 files changed, 75 insertions(+), 33 deletions(-) diff --git a/gawa/gawa/settings.py b/gawa/gawa/settings.py index 1acd961..97d85c8 100644 --- a/gawa/gawa/settings.py +++ b/gawa/gawa/settings.py @@ -28,6 +28,11 @@ BASE_DIR = Path(__file__).resolve().parent.parent # SECURITY WARNING: keep the secret key used in production secret! SECRET_KEY = 'django-insecure-z_t5-iawtas&1np9)01*4_z_&hy*7wgy1!o$3bnnniux3f1ds-' +# store CSRF Tokens in session cookies instead of in new cookies regardless of +# user. +CSRF_USE_SESSIONS = False +# SECURITY: browsers should only accept cookies over https +SESSION_COOKIE_SECURE = True # SECURITY WARNING: don't run with debug turned on in production! DEBUG = True diff --git a/gawa/start/templates/base.html b/gawa/start/templates/base.html index 22d5c67..2225b87 100644 --- a/gawa/start/templates/base.html +++ b/gawa/start/templates/base.html @@ -42,12 +42,6 @@ {% block main %} {% endblock main %} -