Question

我正在使用uWSGI和Nginx运行Flask应用。我想让它符合PCI DSS。运行扫描会出现错误Cookie Does Not Contain The "secure" Attribute。如何在Flask中设置cookie的安全属性？

我在我的Nginx文件中添加了以下行，但它不起作用。

proxy_cookie_path / "/; secure;";

Answer 1

可以在Flask configuration中启用Flask会话Cookie的安全标记。

SELECT *, ROW_NUMBER() OVER(ORDER BY c_users.id ASC) AS rank from (
SELECT 
      distinct c_users.id,
      c_photos.user_id,
      c_photos.pic_filename,
      c_users.user_first_name,
      c_users.user_last_name,
      c_users.description,
      c_users.curriculum_diploma_1

FROM
    c_users
INNER JOIN
    c_photos
ON
    c_users.id=c_photos.user_id
WHERE 
    lower(location_town) LIKE '%lille%' 
    AND
    (c_photos.pic_type='profile' OR c_photos.pic_type='photo')    
    ) as data
LIMIT
   9

要将其设置为其他Cookie，请将sudo apt-get install标记传递给response.set_cookie。

SESSION_COOKIE_SECURE = True

为Flask cookie设置“secure”属性

1 个答案: