+1 -Toshio On Fri, Mar 23, 2012 at 02:23:09PM -0400, seth vidal wrote: > On Fri, 23 Mar 2012 12:22:04 -0600 > Kevin Fenzi <kevin@xxxxxxxxx> wrote: > > > Greetings. > > > > See this ticket for some background: > > > > https://fedorahosted.org/fedora-infrastructure/ticket/3022 > > > > I have tested all these in staging, so I don't think there will be any > > issues with anything, but if so we can always revert pretty easily. > > I also set secure on all our TG1 apps that didn't have that set. > > > > +1s? > > > > kevin > > -- > > diff --git a/modules/bodhi/templates/bodhi-prod.cfg.erb > > b/modules/bodhi/templates/bodhi-prod.cfg.erb index 9c176de..d554253 > > 100644 --- a/modules/bodhi/templates/bodhi-prod.cfg.erb > > +++ b/modules/bodhi/templates/bodhi-prod.cfg.erb > > @@ -71,6 +71,7 @@ > > identity.saprovider.model.visit="fedora.accounts.tgfas.VisitIdentity" > > visit.manager="jsonfas2" > > visit.saprovider.model="fedora.accounts.tgfas.Visit" > > visit.cookie.secure = True +visit.cookie.httponly = True > > > > # Our identity that we use to fetch bugzilla details and such > > bodhi_password='<%= bodhiBugzillaPassword %>' > > diff --git a/modules/elections/templates/elections-prod.cfg.erb > > b/modules/elections/templates/elections-prod.cfg.erb index > > d1bfc24..0b379fd 100644 --- > > a/modules/elections/templates/elections-prod.cfg.erb +++ > > b/modules/elections/templates/elections-prod.cfg.erb @@ -45,6 +45,9 > > @@ autoreload.on=False autoreload.package="elections" > > server.log_to_screen=False > > > > +visit.cookie.secure = True > > +visit.cookie.httponly = True > > + > > # Auto-Reload after code modification > > # autoreload.on = True > > > > diff --git a/modules/fas/templates/fas.cfg.erb > > b/modules/fas/templates/fas.cfg.erb index 08b58ff..3232b40 100644 > > --- a/modules/fas/templates/fas.cfg.erb > > +++ b/modules/fas/templates/fas.cfg.erb > > @@ -117,7 +117,7 @@ server.log_to_screen = False > > # Make the session cookie only return to the host over an SSL link > > visit.cookie.secure = True > > session_filter.cookie_secure = True > > - > > +visit.cookie.httponly = True > > > > ### > > ### Communicating to other services > > diff --git > > a/modules/mirrormanager/templates/mirrormanager-prod.cfg.erb > > b/modules/mirrormanager/templates/mirrormanager-prod.cfg.erb index > > 32c3d91..a3674b6 100644 --- > > a/modules/mirrormanager/templates/mirrormanager-prod.cfg.erb +++ > > b/modules/mirrormanager/templates/mirrormanager-prod.cfg.erb @@ -61,6 > > +61,7 @@ > > identity.saprovider.model.visit="fedora.accounts.tgfas.VisitIdentity" > > visit.manager="jsonfas2" > > visit.saprovider.model="fedora.accounts.tgfas.Visit" > > visit.cookie.secure = True +visit.cookie.httponly = True > > mirrormanager.admin_group = 'sysadmin-web' > > mirrormanager.max_stale_days = 2 diff --git > > a/modules/smolt/templates/prod.cfg.erb > > b/modules/smolt/templates/prod.cfg.erb index 0e10dbd..2c34b3d 100644 > > --- a/modules/smolt/templates/prod.cfg.erb +++ > > b/modules/smolt/templates/prod.cfg.erb @@ -60,6 +60,9 @@ > > tg.strict_parameters = True tg.ignore_parameters = ["_csrf_token"] > > tg.scheduler = True > > > > +visit.cookie.secure = True > > +visit.cookie.httponly = True > > + > > # LOGGING > > # Logging configuration generally follows the style of the standard > > # Python logging module configuration. Note that when specifying > > > +1 > > -sv > _______________________________________________ > infrastructure mailing list > infrastructure@xxxxxxxxxxxxxxxxxxxxxxx > https://admin.fedoraproject.org/mailman/listinfo/infrastructure
Attachment:
pgpd1gouAJzay.pgp
Description: PGP signature
_______________________________________________ infrastructure mailing list infrastructure@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/infrastructure
