maya-chen/flask
1
0
Fork 0
forked from orbit-oss/flask
Code Pull requests Activity

fix links

Browse source
This commit is contained in:
David Lord 2017-08-01 08:47:56 -07:00
parent 1c35b98f0b
commit 97ad085912
No known key found for this signature in database
GPG key ID: 7A1C87E3F5BC42A8
2 changed files with 9 additions and 8 deletions
Download patch file Download diff file Expand all files Collapse all files

3
docs/conf.py
View file

@ -267,9 +267,10 @@ intersphinx_mapping = {
'werkzeug': ('http://werkzeug.pocoo.org/docs/', None),
'click': ('http://click.pocoo.org/', None),
'jinja': ('http://jinja.pocoo.org/docs/', None),
'itsdangerous': ('https://pythonhosted.org/itsdangerous', None),
'sqlalchemy': ('https://docs.sqlalchemy.org/en/latest/', None),
'wtforms': ('https://wtforms.readthedocs.io/en/latest/', None),
'blinker': ('https://pythonhosted.org/blinker/', None)
'blinker': ('https://pythonhosted.org/blinker/', None),
}
html_theme_options = {

14
docs/security.rst
View file

@ -213,11 +213,11 @@ option is set, the cookie will be removed when the browser is closed. ::
# cookie expires after 10 minutes
response.set_cookie('snakes', '3', max_age=600)
For the session cookie, if ``session.permanent`` is set, then
:data:`SESSION_COOKIE_LIFETIME` is used to set the expiration. Flask's default
cookie implementation validates that the cryptographic signature is not older
than this value. Lowering this value may help mitigate replay attacks, where
intercepted cookies can be sent at a later time. ::
For the session cookie, if :attr:`session.permanent <flask.session.permanent>`
is set, then :data:`PERMANENT_SESSION_LIFETIME` is used to set the expiration.
Flask's default cookie implementation validates that the cryptographic
signature is not older than this value. Lowering this value may help mitigate
replay attacks, where intercepted cookies can be sent at a later time. ::
app.config.update(
PERMANENT_SESSION_LIFETIME=600
@ -231,8 +231,8 @@ intercepted cookies can be sent at a later time. ::
session.permanent = True
...
Use :class:`TimedSerializer` to sign and validate other cookie values (or any
values that need secure signatures).
Use :class:`itsdangerous.TimedSerializer` to sign and validate other cookie
values (or any values that need secure signatures).
- https://developer.mozilla.org/en-US/docs/Web/HTTP/Cookies
- https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie