Make the remaining flask applications send the cookie over https only

2015-02-04 15:27:56 +01:00 · 2015-02-04 15:27:56 +01:00 · f05af51730
commit f05af51730
parent 73b1222f6b
2 changed files with 4 additions and 1 deletions
--- a/roles/anitya/frontend/templates/anitya.cfg
+++ b/roles/anitya/frontend/templates/anitya.cfg
@ -24,3 +24,5 @@ ANITYA_WEB_FEDORA_OPENID = 'https://id.fedoraproject.org'

 # This is required to fix login
 PREFERRED_URL_SCHEME='https'
+# Make browsers send session cookie only via HTTPS
+SESSION_COOKIE_SECURE=True
--- a/roles/mirrormanager/frontend2/templates/mirrormanager2.cfg
+++ b/roles/mirrormanager/frontend2/templates/mirrormanager2.cfg
@ -23,7 +23,8 @@ SECRET_KEY = '{{ mirrormanager_secret_key }}'
 # This should be kept really secret!
 PASSWORD_SEED = "{{ mirrormanager_password_seed }}"

-
+# Make browsers send session cookie only via HTTPS
+SESSION_COOKIE_SECURE=True

 ###
 # Other configuration items for the web-app