From 76ab495be08b1baa34ae176e005ad368d56ffc45 Mon Sep 17 00:00:00 2001
From: Dara Keon
Date: Wed, 19 Jul 2023 22:42:58 +0100
Subject: [PATCH] midna: add django recommended security settings
---
 docs/RELEASES.md | 2 +-
 midna/src/midna/settings.py | 3 +++
 2 files changed, 4 insertions(+), 1 deletion(-)
diff --git a/docs/RELEASES.md b/docs/RELEASES.md
index 8c42706fe3..2297290275 100644
--- a/docs/RELEASES.md
+++ b/docs/RELEASES.md
@@ -16,7 +16,7 @@ This is the list of project releases, past and current. To see tasks that are st
 ## 10.0.1.0 :sheep: `11`
 - [ ] Fix menu not opening
-- [ ] `230619>......` Add admin to nginx with production settings ([django-prod]/[django-nginx])
+- [x] `230619>230719` Add admin to nginx with production settings ([django-prod]/[django-nginx])
 - [x] `230619>230619` Fix emails to remove email contact and tell how to recover and delete csv
 - [x] `230618>230619` Fix terms to remove email contact and tell how to recover and delete csv
 - [x] `230530>230617` Add link to purge csv into email with csv
diff --git a/midna/src/midna/settings.py b/midna/src/midna/settings.py
index c62b8737ef..ee9e6d5a15 100644
--- a/midna/src/midna/settings.py
+++ b/midna/src/midna/settings.py
@@ -160,6 +160,9 @@ SECURE_PROXY_SSL_HEADER = ("HTTP_X_FORWARDED_PROTO", "https")
 SECURE_REFERRER_POLICY = "strict-origin-when-cross-origin"
+ SESSION_COOKIE_SECURE = True
+ CSRF_COOKIE_SECURE = True
+
 LOGGING = {
 'version': 1,
 'disable_existing_loggers': False,
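Review bot: The two added flags in settings.py only keep the session and CSRF cookies off plain HTTP; nothing visible in this hunk forces clients onto HTTPS, so a first request can still go out unencrypted unless `SECURE_SSL_REDIRECT` and `SECURE_HSTS_SECONDS` are set elsewhere in the file or nginx does the redirect and sends the HSTS header. Only part of the module is visible here, so I would at least record that dependency next to the flags, e.g. `# Secure cookies assume nginx terminates TLS, redirects HTTP to HTTPS and sets X-Forwarded-Proto (see SECURE_PROXY_SSL_HEADER)`. The flags are also unconditional, so if this settings module is shared with local development over plain HTTP, the browser will withhold both cookies and logins and CSRF-protected forms will fail there. Running `manage.py check --deploy` against the production configuration would show which of the remaining deployment settings are still unset.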