Freeze Break request: set httponly True in all our TG1 apps

Greetings. 

See this ticket for some background: 

https://fedorahosted.org/fedora-infrastructure/ticket/3022

I have tested all these in staging, so I don't think there will be any
issues with anything, but if so we can always revert pretty easily. 
I also set secure on all our TG1 apps that didn't have that set. 

+1s? 

kevin
--
diff --git a/modules/bodhi/templates/bodhi-prod.cfg.erb b/modules/bodhi/templates/bodhi-prod.cfg.erb
index 9c176de..d554253 100644
--- a/modules/bodhi/templates/bodhi-prod.cfg.erb
+++ b/modules/bodhi/templates/bodhi-prod.cfg.erb
@@ -71,6 +71,7 @@ identity.saprovider.model.visit="fedora.accounts.tgfas.VisitIdentity"
 visit.manager="jsonfas2"
 visit.saprovider.model="fedora.accounts.tgfas.Visit"
 visit.cookie.secure = True
+visit.cookie.httponly = True
 
 # Our identity that we use to fetch bugzilla details and such
 bodhi_password='<%= bodhiBugzillaPassword %>'
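Review bot: since `visit.cookie.httponly = True` sits directly under the existing `visit.cookie.secure = True`, both attributes now apply to the same visit cookie, which is the intended outcome; as TG1 reads config keys from a plain dict and does not reject an unrecognised key, it is worth confirming in staging that the `Set-Cookie` header for the visit cookie actually carries `HttpOnly` on the deployed TurboGears version before declaring this done.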
diff --git a/modules/elections/templates/elections-prod.cfg.erb b/modules/elections/templates/elections-prod.cfg.erb
index d1bfc24..0b379fd 100644
--- a/modules/elections/templates/elections-prod.cfg.erb
+++ b/modules/elections/templates/elections-prod.cfg.erb
@@ -45,6 +45,9 @@ autoreload.on=False
 autoreload.package="elections"
 server.log_to_screen=False
 
+visit.cookie.secure = True
+visit.cookie.httponly = True
+
 # Auto-Reload after code modification
 # autoreload.on = True
 
diff --git a/modules/fas/templates/fas.cfg.erb b/modules/fas/templates/fas.cfg.erb
index 08b58ff..3232b40 100644
--- a/modules/fas/templates/fas.cfg.erb
+++ b/modules/fas/templates/fas.cfg.erb
@@ -117,7 +117,7 @@ server.log_to_screen = False
 # Make the session cookie only return to the host over an SSL link
 visit.cookie.secure = True
 session_filter.cookie_secure = True
-
+visit.cookie.httponly = True
 
 ###
 ### Communicating to other services
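Review bot: the comment above this hunk, `# Make the session cookie only return to the host over an SSL link`, now sits over a block that also sets HttpOnly, so it should be extended to mention that the cookie is no longer exposed to page scripts either. Note as well that this file configures two cookies: `visit.cookie.secure` and `session_filter.cookie_secure` both get the secure flag, but only the visit cookie gets HttpOnly here; if the session_filter cookie has an equivalent option it should be set in the same change, and if it does not, a short comment saying so would save the next person from asking.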
diff --git a/modules/mirrormanager/templates/mirrormanager-prod.cfg.erb b/modules/mirrormanager/templates/mirrormanager-prod.cfg.erb
index 32c3d91..a3674b6 100644
--- a/modules/mirrormanager/templates/mirrormanager-prod.cfg.erb
+++ b/modules/mirrormanager/templates/mirrormanager-prod.cfg.erb
@@ -61,6 +61,7 @@ identity.saprovider.model.visit="fedora.accounts.tgfas.VisitIdentity"
 visit.manager="jsonfas2"
 visit.saprovider.model="fedora.accounts.tgfas.Visit"
 visit.cookie.secure = True
+visit.cookie.httponly = True
 
 mirrormanager.admin_group = 'sysadmin-web'
 mirrormanager.max_stale_days = 2
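Review bot: same shape as the bodhi hunk, with HttpOnly added under an existing `visit.cookie.secure = True`, so there is no new transport-level behaviour change for mirrormanager, only the restriction that page scripts can no longer read the visit cookie; the same staging check on the `Set-Cookie` header applies. Given that the identical two-line block now appears in five templates, a follow-up could pull it into a shared fragment so future cookie hardening is a one-place change.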
diff --git a/modules/smolt/templates/prod.cfg.erb b/modules/smolt/templates/prod.cfg.erb
index 0e10dbd..2c34b3d 100644
--- a/modules/smolt/templates/prod.cfg.erb
+++ b/modules/smolt/templates/prod.cfg.erb
@@ -60,6 +60,9 @@ tg.strict_parameters = True
 tg.ignore_parameters = ["_csrf_token"]
 tg.scheduler = True
 
+visit.cookie.secure = True
+visit.cookie.httponly = True
+
 # LOGGING
 # Logging configuration generally follows the style of the standard
 # Python logging module configuration. Note that when specifying
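Review bot: as with elections, `visit.cookie.secure = True` is new for smolt in this hunk, so confirm that the authenticated web UI is only reachable over HTTPS before this goes out, since browsers will withhold the cookie from plain-HTTP requests once the flag is set. HttpOnly complements the `_csrf_token` handling visible in the context lines (`tg.ignore_parameters = ["_csrf_token"]`) by keeping the cookie out of script reach, but it does not replace the token check, so that configuration should stay as is.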


_______________________________________________
infrastructure mailing list
infrastructure@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/infrastructure
