The default value for SESSION_COOKIE_SECURE is False, but the deployment
guide advises changing it to True.

** Changed in: horizon
       Status: Incomplete => Won't Fix

** Changed in: horizon
     Assignee: Kent Wang (k.wang) => (unassigned)

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Dashboard (Horizon).
https://bugs.launchpad.net/bugs/1369870

Title:
  The "message" cookie is not marked as "secure"

Status in OpenStack Dashboard (Horizon):
  Won't Fix

Bug description:
  The message cookie is not marked as 'secure', as identified by the
  following security report.  It might contain sensitive information,
  and would benefit from being marked as secure.

  ---

  Affected URL: https://Ip_address/settings/
  Affected Entity: messages, django_timezone, horizon_pagesize, and horizon_language
  Risk: It may be possible to steal user and session information (cookies) that was sent during an encrypted session

  Causes: The web application sends non-secure cookies over SSL

  Recommend Fix: Add the 'Secure' attribute to all sensitive cookies
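
A check for the condition the report describes, as an added example that is not part of the bug report or of Horizon's code: it parses Set-Cookie header values and lists the cookies sent without the Secure attribute. The header values are constructed; only the four cookie names come from the report, and the function names are hypothetical.

```python
# Added example: flag cookies whose Set-Cookie header lacks the Secure attribute.

def cookie_attributes(set_cookie):
    """Split one Set-Cookie value into (cookie name, {lowercased attribute: value})."""
    parts = [p.strip() for p in set_cookie.split(";")]
    name = parts[0].split("=", 1)[0].strip()
    attrs = {}
    for part in parts[1:]:
        if not part:
            continue
        key, _, value = part.partition("=")
        attrs[key.strip().lower()] = value.strip()
    return name, attrs


def missing_secure(set_cookie_headers):
    """Return the names of cookies sent without the Secure attribute, in order."""
    flagged = []
    for header in set_cookie_headers:
        name, attrs = cookie_attributes(header)
        # Secure is a valueless attribute. Match on the attribute name only, so
        # a value such as Path=/secure or a cookie named "secure" does not count.
        if "secure" not in attrs:
            flagged.append(name)
    return flagged


# Constructed sample: Set-Cookie values a response from /settings/ might carry.
# Cookie values and the other attributes are made up for illustration.
SAMPLE_HEADERS = [
    'messages="constructed-value"; HttpOnly; Path=/',
    "django_timezone=UTC; Path=/secure",
    "horizon_pagesize=20; Path=/",
    "horizon_language=en; Path=/",
    "sessionid=constructed; HttpOnly; Path=/; SECURE",
    "csrftoken=constructed; Path=/; Secure",
]

if __name__ == "__main__":
    for name in missing_secure(SAMPLE_HEADERS):
        print(f"{name}: Secure attribute missing")
```
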
