From cb881ed6409f0f768f721af549ad55dc471b5e01 Mon Sep 17 00:00:00 2001
From: Ethan Dalool
Date: Wed, 9 Sep 2020 19:19:35 -0700
Subject: [PATCH] Add httponly to session cookie.
---
 frontends/etiquette_flask/backend/sessions.py | 1 +
 1 file changed, 1 insertion(+)
diff --git a/frontends/etiquette_flask/backend/sessions.py b/frontends/etiquette_flask/backend/sessions.py
index 2092c4b..60f90c1 100644
--- a/frontends/etiquette_flask/backend/sessions.py
+++ b/frontends/etiquette_flask/backend/sessions.py
@@ -93,6 +93,7 @@ class SessionManager:
 'etiquette_session',
 value=session.token,
 max_age=SESSION_MAX_AGE,
+ httponly=True,
 )
 return response
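Review bot: The session cookie set in this call still has no `samesite` or `secure` attribute, so `httponly=True` keeps page script away from the token but the browser will still attach it to cross-site requests and send it over plain HTTP. Consider adding `samesite='Lax',` beside the new line, and `secure=True,` when the site is served over HTTPS; the latter would stop the cookie being sent on a plain-HTTP deployment, so it probably belongs behind a configuration switch. The call's opening line and the enclosing method start outside the hunk, so this assumes it is the Flask/Werkzeug `set_cookie` call, which accepts both keywords.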