Make other flask session cookies secure

2015-02-04 15:34:31 +01:00 · 2015-02-04 15:34:31 +01:00 · 73b1222f6b
commit 73b1222f6b
parent 4a2e0ab67b
8 changed files with 24 additions and 0 deletions
--- a/roles/anitya/backend/templates/anitya.cfg
+++ b/roles/anitya/backend/templates/anitya.cfg
@ -24,3 +24,6 @@ CNUCNU_WEB_FEDORA_OPENID = 'https://id.fedoraproject.org'

 # This is required to fix login
 PREFERRED_URL_SCHEME='https'
+
+# Make browsers send session cookie only via HTTPS
+SESSION_COOKIE_SECURE = True
--- a/roles/anitya/backend/templates/anitya_admin.cfg
+++ b/roles/anitya/backend/templates/anitya_admin.cfg
@ -24,3 +24,6 @@ CNUCNU_WEB_FEDORA_OPENID = 'https://id.fedoraproject.org'

 # This is required to fix login
 PREFERRED_URL_SCHEME='https'
+
+# Make browsers send session cookie only via HTTPS
+SESSION_COOKIE_SECURE = True
--- a/roles/blockerbugs/templates/blockerbugs-settings.py.j2
+++ b/roles/blockerbugs/templates/blockerbugs-settings.py.j2
@ -21,3 +21,6 @@ STREAM_LOGGING = False

 # to fix login issue for folks who are part of many FAS groups
 PREFERRED_URL_SCHEME='https'
+
+# Make browsers send session cookie only via HTTPS
+SESSION_COOKIE_SECURE = True
--- a/roles/elections/templates/fedora-elections.cfg
+++ b/roles/elections/templates/fedora-elections.cfg
@ -31,6 +31,9 @@ FAS_CHECK_CERT = True
 # This is required to fix login
 PREFERRED_URL_SCHEME='https'

+# Make browsers send session cookie only via HTTPS
+SESSION_COOKIE_SECURE = True
+
 DOGPILE_CACHE = {
    'backend': 'dogpile.cache.memcached',
    'arguments': {
--- a/roles/fedocal/templates/fedocal.cfg
+++ b/roles/fedocal/templates/fedocal.cfg
@ -33,6 +33,9 @@ PATH_ALEMBIC_INI='/etc/fedocal/alembic.ini'
 # This is required to fix login
 PREFERRED_URL_SCHEME='https'

+# Make browsers send session cookie only via HTTPS
+SESSION_COOKIE_SECURE = True
+
 {% if env == 'staging' %}
 APP_URL = 'https://apps.stg.fedoraproject.org/calendar/'
 FAS_OPENID_ENDPOINT = 'https://id.stg.fedoraproject.org/'
--- a/roles/kerneltest/templates/kerneltest.cfg
+++ b/roles/kerneltest/templates/kerneltest.cfg
@ -32,6 +32,9 @@ MAX_CONTENT_LENGTH = 1024 * 10
 # This is required to fix login
 PREFERRED_URL_SCHEME='https'

+# Make browsers send session cookie only via HTTPS
+SESSION_COOKIE_SECURE = True
+
 {% if env == 'staging' %}
 FAS_OPENID_ENDPOINT = 'https://id.stg.fedoraproject.org/'
 {% endif %}
--- a/roles/nuancier/templates/nuancier.cfg
+++ b/roles/nuancier/templates/nuancier.cfg
@ -46,6 +46,9 @@ THUMB_SIZE = (256, 256)
 # This is required to fix login in stg
 PREFERRED_URL_SCHEME='https'

+# Make browsers send session cookie only via HTTPS
+SESSION_COOKIE_SECURE = True
+
 # dogpile.cache configuration to work with memcached
 NUANCIER_CACHE_BACKEND = 'dogpile.cache.memcached'
 NUANCIER_CACHE_KWARGS = {'arguments' : {
--- a/roles/tagger/templates/fedoratagger.cfg.j2
+++ b/roles/tagger/templates/fedoratagger.cfg.j2
@ -12,6 +12,9 @@ FAS_OPENID_ENDPOINT = 'http://id.fedoraproject.org'
 # This is required for openid to work in stg.  Might as well for prod too.
 PREFERRED_URL_SCHEME = 'https'

+# Make browsers send session cookie only via HTTPS
+SESSION_COOKIE_SECURE = True
+
 # Stuff for toscawidgets2
 RES_PREFIX = '/tagger/_res/'