Merge pull request #22 from Carreau/secure-cookie

Set secure cookie by default if login handler is hit.
11 years ago · c6f9974faf
parent 4a88f415ec 63b9a1619c
commit c6f9974faf
1 changed files with 7 additions and 1 deletions
--- a/jupyter_notebook/auth/login.py
+++ b/jupyter_notebook/auth/login.py
@ -37,7 +37,13 @@ class LoginHandler(IPythonHandler):
        typed_password = self.get_argument('password', default=u'')
        if self.login_available(self.settings):
            if passwd_check(self.hashed_password, typed_password):
-                self.set_secure_cookie(self.cookie_name, str(uuid.uuid4()))
+                # tornado <4.2 have a bug that consider secure==True as soon as 
+                # 'secure' kwarg is passed to set_secure_cookie
+                if self.settings.get('secure_cookie', self.request.protocol == 'https'):
+                    kwargs = {'secure':True}
+                else:
+                    kwargs = {}
+                self.set_secure_cookie(self.cookie_name, str(uuid.uuid4()), **kwargs)
            else:
                self._render(message={'error': 'Invalid password'})
                return