Freeze Break request: set httponly True in all our TG1 apps
seth vidal
skvidal at fedoraproject.org
Fri Mar 23 18:23:09 UTC 2012
On Fri, 23 Mar 2012 12:22:04 -0600
Kevin Fenzi <kevin at scrye.com> wrote:
> Greetings.
>
> See this ticket for some background:
>
> https://fedorahosted.org/fedora-infrastructure/ticket/3022
>
> I have tested all these in staging, so I don't think there will be any
> issues with anything, but if so we can always revert pretty easily.
> I also set secure on all our TG1 apps that didn't have that set.
>
> +1s?
>
> kevin
> --
> diff --git a/modules/bodhi/templates/bodhi-prod.cfg.erb
> b/modules/bodhi/templates/bodhi-prod.cfg.erb index 9c176de..d554253
> 100644 --- a/modules/bodhi/templates/bodhi-prod.cfg.erb
> +++ b/modules/bodhi/templates/bodhi-prod.cfg.erb
> @@ -71,6 +71,7 @@
> identity.saprovider.model.visit="fedora.accounts.tgfas.VisitIdentity"
> visit.manager="jsonfas2"
> visit.saprovider.model="fedora.accounts.tgfas.Visit"
> visit.cookie.secure = True +visit.cookie.httponly = True
>
> # Our identity that we use to fetch bugzilla details and such
> bodhi_password='<%= bodhiBugzillaPassword %>'
> diff --git a/modules/elections/templates/elections-prod.cfg.erb
> b/modules/elections/templates/elections-prod.cfg.erb index
> d1bfc24..0b379fd 100644 ---
> a/modules/elections/templates/elections-prod.cfg.erb +++
> b/modules/elections/templates/elections-prod.cfg.erb @@ -45,6 +45,9
> @@ autoreload.on=False autoreload.package="elections"
> server.log_to_screen=False
>
> +visit.cookie.secure = True
> +visit.cookie.httponly = True
> +
> # Auto-Reload after code modification
> # autoreload.on = True
>
> diff --git a/modules/fas/templates/fas.cfg.erb
> b/modules/fas/templates/fas.cfg.erb index 08b58ff..3232b40 100644
> --- a/modules/fas/templates/fas.cfg.erb
> +++ b/modules/fas/templates/fas.cfg.erb
> @@ -117,7 +117,7 @@ server.log_to_screen = False
> # Make the session cookie only return to the host over an SSL link
> visit.cookie.secure = True
> session_filter.cookie_secure = True
> -
> +visit.cookie.httponly = True
>
> ###
> ### Communicating to other services
> diff --git
> a/modules/mirrormanager/templates/mirrormanager-prod.cfg.erb
> b/modules/mirrormanager/templates/mirrormanager-prod.cfg.erb index
> 32c3d91..a3674b6 100644 ---
> a/modules/mirrormanager/templates/mirrormanager-prod.cfg.erb +++
> b/modules/mirrormanager/templates/mirrormanager-prod.cfg.erb @@ -61,6
> +61,7 @@
> identity.saprovider.model.visit="fedora.accounts.tgfas.VisitIdentity"
> visit.manager="jsonfas2"
> visit.saprovider.model="fedora.accounts.tgfas.Visit"
> visit.cookie.secure = True +visit.cookie.httponly = True
> mirrormanager.admin_group = 'sysadmin-web'
> mirrormanager.max_stale_days = 2 diff --git
> a/modules/smolt/templates/prod.cfg.erb
> b/modules/smolt/templates/prod.cfg.erb index 0e10dbd..2c34b3d 100644
> --- a/modules/smolt/templates/prod.cfg.erb +++
> b/modules/smolt/templates/prod.cfg.erb @@ -60,6 +60,9 @@
> tg.strict_parameters = True tg.ignore_parameters = ["_csrf_token"]
> tg.scheduler = True
>
> +visit.cookie.secure = True
> +visit.cookie.httponly = True
> +
> # LOGGING
> # Logging configuration generally follows the style of the standard
> # Python logging module configuration. Note that when specifying
+1
-sv
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 190 bytes
Desc: not available
URL: <http://lists.fedoraproject.org/pipermail/infrastructure/attachments/20120323/d409795a/attachment.sig>
More information about the infrastructure
mailing list