Andrew Bogott has submitted this change and it was merged. Change subject: Horizon: Update session config ......................................................................
Horizon: Update session config This is an attempt to use secure cookies and prolong the session lifespan. Bug: T130621 Change-Id: I32211fa75a3ffe9fcd93b2f9e394eb39fa96bc05 --- M modules/openstack/templates/liberty/horizon/local_settings.py.erb 1 file changed, 4 insertions(+), 6 deletions(-) Approvals: Andrew Bogott: Looks good to me, approved jenkins-bot: Verified diff --git a/modules/openstack/templates/liberty/horizon/local_settings.py.erb b/modules/openstack/templates/liberty/horizon/local_settings.py.erb index ed8ff3e..5b74200 100644 --- a/modules/openstack/templates/liberty/horizon/local_settings.py.erb +++ b/modules/openstack/templates/liberty/horizon/local_settings.py.erb @@ -27,13 +27,11 @@ # https://docs.djangoproject.com/en/1.4/ref/settings/#secure-proxy-ssl-header # SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTOCOL', 'https') -# If Horizon is being served through SSL, then uncomment the following two -# settings to better secure the cookies from security exploits -#CSRF_COOKIE_SECURE = True -#SESSION_COOKIE_SECURE = True - # SESSION_TIMEOUT is in seconds and defaults to 1800. This is seven days: SESSION_TIMEOUT = 604800 +SESSION_COOKIE_AGE = 604800 +CSRF_COOKIE_SECURE = True +SESSION_COOKIE_SECURE = True # Overrides for OpenStack API versions. Use this setting to force the # OpenStack dashboard to use a specific API version for a given service API. @@ -527,4 +525,4 @@ DESIGNATE = { 'records_use_fips': True } WMFLABSDOTORG_ADMIN_USERNAME = '<%= @designateconfig['wmflabsdotorg_admin'] %>' -WMFLABSDOTORG_ADMIN_PASSWORD = '<%= @designateconfig['wmflabsdotorg_pass'] %>' \ No newline at end of file +WMFLABSDOTORG_ADMIN_PASSWORD = '<%= @designateconfig['wmflabsdotorg_pass'] %>' -- To view, visit https://gerrit.wikimedia.org/r/279186 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: merged Gerrit-Change-Id: I32211fa75a3ffe9fcd93b2f9e394eb39fa96bc05 Gerrit-PatchSet: 2 Gerrit-Project: operations/puppet Gerrit-Branch: production Gerrit-Owner: Andrew Bogott <[email protected]> Gerrit-Reviewer: Andrew Bogott <[email protected]> Gerrit-Reviewer: Hashar <[email protected]> Gerrit-Reviewer: jenkins-bot <> _______________________________________________ MediaWiki-commits mailing list [email protected] https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
