From 891f28d8f94c9e2f059a062c04a2087db3b3d3d5 Mon Sep 17 00:00:00 2001
From: Guillaume Vincent <guillaume@oslab.fr>
Date: Sun, 16 Oct 2016 23:09:35 +0200
Subject: [PATCH] configure COOKIE_SECURE and ALLOWED_HOSTS options

---
 lesspass/settings.py | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/lesspass/settings.py b/lesspass/settings.py
index 46acb8c..bc485e6 100644
--- a/lesspass/settings.py
+++ b/lesspass/settings.py
@@ -16,9 +16,9 @@ def get_secret_key(secret_key):
 
 SECRET_KEY = env('SECRET_KEY', preprocessor=get_secret_key, default=None)
 
-DEBUG = env.bool('DJANGO_DEBUG', default=True)
+DEBUG = env.bool('DJANGO_DEBUG', default=False)
 
-ALLOWED_HOSTS = []
+ALLOWED_HOSTS = env('ALLOWED_HOSTS', cast=list, default=['localhost', '127.0.0.1', '.lesspass.com'])
 
 ADMIN = [('Guillaume Vincent', 'guillaume@oslab.fr'), ]
 
@@ -177,3 +177,5 @@ DJOSER = {
 }
 
 SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https')
+SESSION_COOKIE_SECURE = True
+CSRF_COOKIE_SECURE = True