Freeze Break request: set httponly True in all our TG1 apps
Kevin Fenzi
kevin at scrye.com
Fri Mar 23 18:22:04 UTC 2012
Greetings.
See this ticket for some background:
https://fedorahosted.org/fedora-infrastructure/ticket/3022
I have tested all these in staging, so I don't think there will be any
issues with anything, but if so we can always revert pretty easily.
I also set secure on all our TG1 apps that didn't have that set.
+1s?
kevin
--
diff --git a/modules/bodhi/templates/bodhi-prod.cfg.erb b/modules/bodhi/templates/bodhi-prod.cfg.erb
index 9c176de..d554253 100644
--- a/modules/bodhi/templates/bodhi-prod.cfg.erb
+++ b/modules/bodhi/templates/bodhi-prod.cfg.erb
@@ -71,6 +71,7 @@ identity.saprovider.model.visit="fedora.accounts.tgfas.VisitIdentity"
visit.manager="jsonfas2"
visit.saprovider.model="fedora.accounts.tgfas.Visit"
visit.cookie.secure = True
+visit.cookie.httponly = True
# Our identity that we use to fetch bugzilla details and such
bodhi_password='<%= bodhiBugzillaPassword %>'
diff --git a/modules/elections/templates/elections-prod.cfg.erb b/modules/elections/templates/elections-prod.cfg.erb
index d1bfc24..0b379fd 100644
--- a/modules/elections/templates/elections-prod.cfg.erb
+++ b/modules/elections/templates/elections-prod.cfg.erb
@@ -45,6 +45,9 @@ autoreload.on=False
autoreload.package="elections"
server.log_to_screen=False
+visit.cookie.secure = True
+visit.cookie.httponly = True
+
# Auto-Reload after code modification
# autoreload.on = True
diff --git a/modules/fas/templates/fas.cfg.erb b/modules/fas/templates/fas.cfg.erb
index 08b58ff..3232b40 100644
--- a/modules/fas/templates/fas.cfg.erb
+++ b/modules/fas/templates/fas.cfg.erb
@@ -117,7 +117,7 @@ server.log_to_screen = False
# Make the session cookie only return to the host over an SSL link
visit.cookie.secure = True
session_filter.cookie_secure = True
-
+visit.cookie.httponly = True
###
### Communicating to other services
diff --git a/modules/mirrormanager/templates/mirrormanager-prod.cfg.erb b/modules/mirrormanager/templates/mirrormanager-prod.cfg.erb
index 32c3d91..a3674b6 100644
--- a/modules/mirrormanager/templates/mirrormanager-prod.cfg.erb
+++ b/modules/mirrormanager/templates/mirrormanager-prod.cfg.erb
@@ -61,6 +61,7 @@ identity.saprovider.model.visit="fedora.accounts.tgfas.VisitIdentity"
visit.manager="jsonfas2"
visit.saprovider.model="fedora.accounts.tgfas.Visit"
visit.cookie.secure = True
+visit.cookie.httponly = True
mirrormanager.admin_group = 'sysadmin-web'
mirrormanager.max_stale_days = 2
diff --git a/modules/smolt/templates/prod.cfg.erb b/modules/smolt/templates/prod.cfg.erb
index 0e10dbd..2c34b3d 100644
--- a/modules/smolt/templates/prod.cfg.erb
+++ b/modules/smolt/templates/prod.cfg.erb
@@ -60,6 +60,9 @@ tg.strict_parameters = True
tg.ignore_parameters = ["_csrf_token"]
tg.scheduler = True
+visit.cookie.secure = True
+visit.cookie.httponly = True
+
# LOGGING
# Logging configuration generally follows the style of the standard
# Python logging module configuration. Note that when specifying
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: not available
URL: <http://lists.fedoraproject.org/pipermail/infrastructure/attachments/20120323/6a28b7f2/attachment-0001.sig>
More information about the infrastructure
mailing list