Re: Freeze Break request: set httponly True in all our TG1 apps

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Fri, 23 Mar 2012 12:22:04 -0600
Kevin Fenzi <kevin@xxxxxxxxx> wrote:

> Greetings. 
> 
> See this ticket for some background: 
> 
> https://fedorahosted.org/fedora-infrastructure/ticket/3022
> 
> I have tested all these in staging, so I don't think there will be any
> issues with anything, but if so we can always revert pretty easily. 
> I also set secure on all our TG1 apps that didn't have that set. 
> 
> +1s? 
> 
> kevin
> --
> diff --git a/modules/bodhi/templates/bodhi-prod.cfg.erb
> b/modules/bodhi/templates/bodhi-prod.cfg.erb index 9c176de..d554253
> 100644 --- a/modules/bodhi/templates/bodhi-prod.cfg.erb
> +++ b/modules/bodhi/templates/bodhi-prod.cfg.erb
> @@ -71,6 +71,7 @@
> identity.saprovider.model.visit="fedora.accounts.tgfas.VisitIdentity"
> visit.manager="jsonfas2"
> visit.saprovider.model="fedora.accounts.tgfas.Visit"
> visit.cookie.secure = True +visit.cookie.httponly = True
>  
>  # Our identity that we use to fetch bugzilla details and such
>  bodhi_password='<%= bodhiBugzillaPassword %>'
> diff --git a/modules/elections/templates/elections-prod.cfg.erb
> b/modules/elections/templates/elections-prod.cfg.erb index
> d1bfc24..0b379fd 100644 ---
> a/modules/elections/templates/elections-prod.cfg.erb +++
> b/modules/elections/templates/elections-prod.cfg.erb @@ -45,6 +45,9
> @@ autoreload.on=False autoreload.package="elections"
>  server.log_to_screen=False
>  
> +visit.cookie.secure = True
> +visit.cookie.httponly = True
> +
>  # Auto-Reload after code modification
>  # autoreload.on = True
>  
> diff --git a/modules/fas/templates/fas.cfg.erb
> b/modules/fas/templates/fas.cfg.erb index 08b58ff..3232b40 100644
> --- a/modules/fas/templates/fas.cfg.erb
> +++ b/modules/fas/templates/fas.cfg.erb
> @@ -117,7 +117,7 @@ server.log_to_screen = False
>  # Make the session cookie only return to the host over an SSL link
>  visit.cookie.secure = True
>  session_filter.cookie_secure = True
> -
> +visit.cookie.httponly = True
>  
>  ###
>  ### Communicating to other services
> diff --git
> a/modules/mirrormanager/templates/mirrormanager-prod.cfg.erb
> b/modules/mirrormanager/templates/mirrormanager-prod.cfg.erb index
> 32c3d91..a3674b6 100644 ---
> a/modules/mirrormanager/templates/mirrormanager-prod.cfg.erb +++
> b/modules/mirrormanager/templates/mirrormanager-prod.cfg.erb @@ -61,6
> +61,7 @@
> identity.saprovider.model.visit="fedora.accounts.tgfas.VisitIdentity"
> visit.manager="jsonfas2"
> visit.saprovider.model="fedora.accounts.tgfas.Visit"
> visit.cookie.secure = True +visit.cookie.httponly = True
> mirrormanager.admin_group = 'sysadmin-web'
> mirrormanager.max_stale_days = 2 diff --git
> a/modules/smolt/templates/prod.cfg.erb
> b/modules/smolt/templates/prod.cfg.erb index 0e10dbd..2c34b3d 100644
> --- a/modules/smolt/templates/prod.cfg.erb +++
> b/modules/smolt/templates/prod.cfg.erb @@ -60,6 +60,9 @@
> tg.strict_parameters = True tg.ignore_parameters = ["_csrf_token"]
>  tg.scheduler = True
>  
> +visit.cookie.secure = True
> +visit.cookie.httponly = True
> +
>  # LOGGING
>  # Logging configuration generally follows the style of the standard
>  # Python logging module configuration. Note that when specifying


+1

-sv

Attachment: signature.asc
Description: PGP signature

_______________________________________________
infrastructure mailing list
infrastructure@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/infrastructure

[Index of Archives]     [Fedora Development]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [KDE Users]

  Powered by Linux