Set "secure" attribute for Flask cookies

Question

I am running a Flask app using uWSGI and Nginx. I want make it compliant with PCI DSS. Running the scan gives the error Cookie Does Not Contain The "secure" Attribute. How do I set the secure attribute for cookies in Flask?

I have added the following line in my Nginx file but it didn't work.

proxy_cookie_path / "/; secure;";

score 27 · Accepted Answer · edited Aug 23 '23 at 20:53

27

The secure flag for Flask's session cookie can be enabled in the Flask configuration.

SESSION_COOKIE_SECURE = True

To set it for other cookies, pass the secure flag to response.set_cookie.

response = app.make_response('<p>Hello, World!</p>')
response.set_cookie('name', 'World', secure=True)

edited Aug 23 '23 at 20:53

Razzi Abuissa

3,337
2
28
29

answered Jul 20 '17 at 15:01

davidism

121,510
29
395
339

Set "secure" attribute for Flask cookies

1 Answers1

Linked