From 18709a7689e3de0a71ecc93897953dc59ecffa9b Mon Sep 17 00:00:00 2001
From: Patrick Uiterwijk <patrick@puiterwijk.org>
Date: Thu, 30 May 2019 22:06:47 +0200
Subject: [PATCH] FAS: Disable sessions (and thus translations)

This will disable translations, but is required to get a score of B or higher from oberservatory.
This is because CherryPY 2.3.0 just does not support setting HttpOnly for the session_filter.

Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
---
 roles/fas_server/templates/fas.cfg.j2 | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/roles/fas_server/templates/fas.cfg.j2 b/roles/fas_server/templates/fas.cfg.j2
index ae4cf2dd98..23559c307e 100644
--- a/roles/fas_server/templates/fas.cfg.j2
+++ b/roles/fas_server/templates/fas.cfg.j2
@@ -155,7 +155,7 @@ server.socket_queue_size=30
 
 # Needed for translations
 ### Q for ricky: Should this move to app.cfg?
-session_filter.on = True
+session_filter.on = False
 
 # Set to True if you'd like to abort execution if a controller gets an
 # unexpected parameter. False by default