From 8b214d64aa362438bed76713f5b0dd414ec8c2f7 Mon Sep 17 00:00:00 2001
From: manatlan
Date: Mon, 14 Oct 2024 12:30:20 +0200
Subject: [PATCH] webserversession cookie ssl aware
---
 htagweb/runners.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/htagweb/runners.py b/htagweb/runners.py
index ea6c2cb..92616ab 100644
--- a/htagweb/runners.py
+++ b/htagweb/runners.py
@@ -70,7 +70,7 @@ async def __call__(self, scope: Scope, receive: Receive, send: Send) -> None:
 uid = str(uuid.uuid4())
 security_flags = "httponly; samesite=none"
- if connection.url.scheme in ["https","wss"]: # Secure flag can be used with HTTPS only
+ if connection.headers.get("X-Forwarded-Proto") == "https": # Secure flag can be used with HTTPS only
 security_flags += "; secure" #!!!!!!!!!!!!!!!!!!!!!!!!!!!
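Review bot: The new condition on the `if` line replaces the scheme check instead of extending it, so a server that terminates TLS itself (scheme `https`/`wss`, no proxy header) now issues the session cookie without `secure`. Because `samesite=none` is set on the line just above, browsers commonly reject such a cookie, and where it is accepted the session id can travel over plain HTTP. The exact string match also misses a comma-separated or differently-cased `X-Forwarded-Proto` value, which fails in the same direction. Consider keeping both signals, `if connection.url.scheme in ["https","wss"] or connection.headers.get("X-Forwarded-Proto", "").split(",")[0].strip().lower() == "https":`, and rely on the header only when a trusted proxy overwrites it; if the app runs under uvicorn, `--proxy-headers` with `--forwarded-allow-ips` should let the original scheme check work unchanged. `__call__` starts and continues outside the hunk, so how the flags are written into the Set-Cookie header is not visible here.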