On Fri, 23 Mar 2012 12:22:04 -0600 Kevin Fenzi <kevin@xxxxxxxxx> wrote: > Greetings. > > See this ticket for some background: > > https://fedorahosted.org/fedora-infrastructure/ticket/3022 > > I have tested all these in staging, so I don't think there will be any > issues with anything, but if so we can always revert pretty easily. > I also set secure on all our TG1 apps that didn't have that set. > > +1s? > > kevin > -- > diff --git a/modules/bodhi/templates/bodhi-prod.cfg.erb > b/modules/bodhi/templates/bodhi-prod.cfg.erb index 9c176de..d554253 > 100644 --- a/modules/bodhi/templates/bodhi-prod.cfg.erb > +++ b/modules/bodhi/templates/bodhi-prod.cfg.erb > @@ -71,6 +71,7 @@ > identity.saprovider.model.visit="fedora.accounts.tgfas.VisitIdentity" > visit.manager="jsonfas2" > visit.saprovider.model="fedora.accounts.tgfas.Visit" > visit.cookie.secure = True +visit.cookie.httponly = True > > # Our identity that we use to fetch bugzilla details and such > bodhi_password='<%= bodhiBugzillaPassword %>' > diff --git a/modules/elections/templates/elections-prod.cfg.erb > b/modules/elections/templates/elections-prod.cfg.erb index > d1bfc24..0b379fd 100644 --- > a/modules/elections/templates/elections-prod.cfg.erb +++ > b/modules/elections/templates/elections-prod.cfg.erb @@ -45,6 +45,9 > @@ autoreload.on=False autoreload.package="elections" > server.log_to_screen=False > > +visit.cookie.secure = True > +visit.cookie.httponly = True > + > # Auto-Reload after code modification > # autoreload.on = True > > diff --git a/modules/fas/templates/fas.cfg.erb > b/modules/fas/templates/fas.cfg.erb index 08b58ff..3232b40 100644 > --- a/modules/fas/templates/fas.cfg.erb > +++ b/modules/fas/templates/fas.cfg.erb > @@ -117,7 +117,7 @@ server.log_to_screen = False > # Make the session cookie only return to the host over an SSL link > visit.cookie.secure = True > session_filter.cookie_secure = True > - > +visit.cookie.httponly = True > > ### > ### Communicating to other services > diff --git > a/modules/mirrormanager/templates/mirrormanager-prod.cfg.erb > b/modules/mirrormanager/templates/mirrormanager-prod.cfg.erb index > 32c3d91..a3674b6 100644 --- > a/modules/mirrormanager/templates/mirrormanager-prod.cfg.erb +++ > b/modules/mirrormanager/templates/mirrormanager-prod.cfg.erb @@ -61,6 > +61,7 @@ > identity.saprovider.model.visit="fedora.accounts.tgfas.VisitIdentity" > visit.manager="jsonfas2" > visit.saprovider.model="fedora.accounts.tgfas.Visit" > visit.cookie.secure = True +visit.cookie.httponly = True > mirrormanager.admin_group = 'sysadmin-web' > mirrormanager.max_stale_days = 2 diff --git > a/modules/smolt/templates/prod.cfg.erb > b/modules/smolt/templates/prod.cfg.erb index 0e10dbd..2c34b3d 100644 > --- a/modules/smolt/templates/prod.cfg.erb +++ > b/modules/smolt/templates/prod.cfg.erb @@ -60,6 +60,9 @@ > tg.strict_parameters = True tg.ignore_parameters = ["_csrf_token"] > tg.scheduler = True > > +visit.cookie.secure = True > +visit.cookie.httponly = True > + > # LOGGING > # Logging configuration generally follows the style of the standard > # Python logging module configuration. Note that when specifying +1 -sv
Attachment:
signature.asc
Description: PGP signature
_______________________________________________ infrastructure mailing list infrastructure@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/infrastructure
