--- a/{{cookiecutter.project_slug}}/{{cookiecutter.webapp_name}}/__init__.py Thu Mar 22 15:46:33 2018 +0100
+++ b/{{cookiecutter.project_slug}}/{{cookiecutter.webapp_name}}/__init__.py Thu Mar 22 17:53:04 2018 +0100
@@ -22,6 +22,7 @@
from pyramid.authorization import ACLAuthorizationPolicy
from pyramid.config import Configurator
from pyramid.csrf import CookieCSRFStoragePolicy
+from pyramid.settings import asbool
def main(global_config, **settings):
@@ -35,8 +36,7 @@
authn_policy = PyAMSAuthenticationPolicy(secret='PyAMS 0.1.0',
http_only=True,
- secure=True, # remove in development environment
- # if you don't use HTTPS
+ secure=asbool(settings.get('pyams.authentication_policy.secure', True)),
credentials=('http',))
config.set_authentication_policy(authn_policy)
config.set_authorization_policy(ACLAuthorizationPolicy())