From 8070680184f5a06c917e373b4cb14c1ebd6e4530 Mon Sep 17 00:00:00 2001
From: Keegan McAllister
Date: Wed, 17 Oct 2012 16:35:35 -0400
Subject: [PATCH] Set the 'secure' flag on Django cookies

(imported from commit b563f62e2b185a8195daf212574c30f6e252900e)
---
 humbug/settings.py | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/humbug/settings.py b/humbug/settings.py
index 6b823f9511..6cf3135888 100644
--- a/humbug/settings.py
+++ b/humbug/settings.py
@@ -76,6 +76,14 @@ SECRET_KEY = 'xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx'
 # username generation.
 HASH_SALT = 'xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx'
 
+# Tell the browser to never send our cookies without encryption, e.g.
+# when executing the initial http -> https redirect.
+#
+# Turn it off for local testing because we don't have SSL.
+if deployed:
+ SESSION_COOKIE_SECURE = True
+ CSRF_COOKIE_SECURE = True
+
 # List of callables that know how to import templates from various sources.
 TEMPLATE_LOADERS = (
 'django.template.loaders.filesystem.Loader',
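Review bot: The two flags set under `if deployed:` only apply to cookies issued after this change, so session and CSRF cookies already stored in browsers keep being sent over plain http until Django re-issues them or they expire. Django re-issues the session cookie only when the session is modified, unless SESSION_SAVE_EVERY_REQUEST is on, so flushing sessions at rollout closes that window. The Secure attribute also does not protect the initial http request itself, so it should be paired with a Strict-Transport-Security header on the HTTPS responses. Django defaults both settings to False and `deployed` is defined outside this hunk, so a wrong value there would fail open without any error. I would extend the comment with `# Only covers cookies set from now on; pair with HSTS, and verify 'deployed' is True on production hosts.`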