Linux Archive - Freeze Break request: set httponly True in all our TG1 apps

Linux Archive (http://www.linux-archive.org/)

- Fedora Infrastructure (http://www.linux-archive.org/fedora-infrastructure/)

- - Freeze Break request: set httponly True in all our TG1 apps (http://www.linux-archive.org/fedora-infrastructure/648160-freeze-break-request-set-httponly-true-all-our-tg1-apps.html)

Freeze Break request: set httponly True in all our TG1 apps

Greetings.

See this ticket for some background:

https://fedorahosted.org/fedora-infrastructure/ticket/3022

I have tested all these in staging, so I don't think there will be any
issues with anything, but if so we can always revert pretty easily.
I also set secure on all our TG1 apps that didn't have that set.

+1s?

kevin
--
diff --git a/modules/bodhi/templates/bodhi-prod.cfg.erb b/modules/bodhi/templates/bodhi-prod.cfg.erb
index 9c176de..d554253 100644
--- a/modules/bodhi/templates/bodhi-prod.cfg.erb
+++ b/modules/bodhi/templates/bodhi-prod.cfg.erb
@@ -71,6 +71,7 @@ identity.saprovider.model.visit="fedora.accounts.t gfas.VisitIdentity"
visit.manager="jsonfas2"
visit.saprovider.model="fedora.accounts.tgfas.Visi t"
visit.cookie.secure = True
+visit.cookie.httponly = True

# Our identity that we use to fetch bugzilla details and such
bodhi_password='<%= bodhiBugzillaPassword %>'
diff --git a/modules/elections/templates/elections-prod.cfg.erb b/modules/elections/templates/elections-prod.cfg.erb
index d1bfc24..0b379fd 100644
--- a/modules/elections/templates/elections-prod.cfg.erb
+++ b/modules/elections/templates/elections-prod.cfg.erb
@@ -45,6 +45,9 @@ autoreload.on=False
autoreload.package="elections"
server.log_to_screen=False

+visit.cookie.secure = True
+visit.cookie.httponly = True
+
# Auto-Reload after code modification
# autoreload.on = True

diff --git a/modules/fas/templates/fas.cfg.erb b/modules/fas/templates/fas.cfg.erb
index 08b58ff..3232b40 100644
--- a/modules/fas/templates/fas.cfg.erb
+++ b/modules/fas/templates/fas.cfg.erb
@@ -117,7 +117,7 @@ server.log_to_screen = False
# Make the session cookie only return to the host over an SSL link
visit.cookie.secure = True
session_filter.cookie_secure = True
-
+visit.cookie.httponly = True

###
### Communicating to other services
diff --git a/modules/mirrormanager/templates/mirrormanager-prod.cfg.erb b/modules/mirrormanager/templates/mirrormanager-prod.cfg.erb
index 32c3d91..a3674b6 100644
--- a/modules/mirrormanager/templates/mirrormanager-prod.cfg.erb
+++ b/modules/mirrormanager/templates/mirrormanager-prod.cfg.erb
@@ -61,6 +61,7 @@ identity.saprovider.model.visit="fedora.accounts.t gfas.VisitIdentity"
visit.manager="jsonfas2"
visit.saprovider.model="fedora.accounts.tgfas.Visi t"
visit.cookie.secure = True
+visit.cookie.httponly = True

mirrormanager.admin_group = 'sysadmin-web'
mirrormanager.max_stale_days = 2
diff --git a/modules/smolt/templates/prod.cfg.erb b/modules/smolt/templates/prod.cfg.erb
index 0e10dbd..2c34b3d 100644
--- a/modules/smolt/templates/prod.cfg.erb
+++ b/modules/smolt/templates/prod.cfg.erb
@@ -60,6 +60,9 @@ tg.strict_parameters = True
tg.ignore_parameters = ["_csrf_token"]
tg.scheduler = True

+visit.cookie.secure = True
+visit.cookie.httponly = True
+
# LOGGING
# Logging configuration generally follows the style of the standard
# Python logging module configuration. Note that when specifying
_______________________________________________
infrastructure mailing list
infrastructure@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/infrastructure

Freeze Break request: set httponly True in all our TG1 apps

On Fri, 23 Mar 2012 12:22:04 -0600
Kevin Fenzi <kevin@scrye.com> wrote:

> Greetings.
>
> See this ticket for some background:
>
> https://fedorahosted.org/fedora-infrastructure/ticket/3022
>
> I have tested all these in staging, so I don't think there will be any
> issues with anything, but if so we can always revert pretty easily.
> I also set secure on all our TG1 apps that didn't have that set.
>
> +1s?
>
> kevin
> --
> diff --git a/modules/bodhi/templates/bodhi-prod.cfg.erb
> b/modules/bodhi/templates/bodhi-prod.cfg.erb index 9c176de..d554253
> 100644 --- a/modules/bodhi/templates/bodhi-prod.cfg.erb
> +++ b/modules/bodhi/templates/bodhi-prod.cfg.erb
> @@ -71,6 +71,7 @@
> identity.saprovider.model.visit="fedora.accounts.t gfas.VisitIdentity"
> visit.manager="jsonfas2"
> visit.saprovider.model="fedora.accounts.tgfas.Visi t"
> visit.cookie.secure = True +visit.cookie.httponly = True
>
> # Our identity that we use to fetch bugzilla details and such
> bodhi_password='<%= bodhiBugzillaPassword %>'
> diff --git a/modules/elections/templates/elections-prod.cfg.erb
> b/modules/elections/templates/elections-prod.cfg.erb index
> d1bfc24..0b379fd 100644 ---
> a/modules/elections/templates/elections-prod.cfg.erb +++
> b/modules/elections/templates/elections-prod.cfg.erb @@ -45,6 +45,9
> @@ autoreload.on=False autoreload.package="elections"
> server.log_to_screen=False
>
> +visit.cookie.secure = True
> +visit.cookie.httponly = True
> +
> # Auto-Reload after code modification
> # autoreload.on = True
>
> diff --git a/modules/fas/templates/fas.cfg.erb
> b/modules/fas/templates/fas.cfg.erb index 08b58ff..3232b40 100644
> --- a/modules/fas/templates/fas.cfg.erb
> +++ b/modules/fas/templates/fas.cfg.erb
> @@ -117,7 +117,7 @@ server.log_to_screen = False
> # Make the session cookie only return to the host over an SSL link
> visit.cookie.secure = True
> session_filter.cookie_secure = True
> -
> +visit.cookie.httponly = True
>
> ###
> ### Communicating to other services
> diff --git
> a/modules/mirrormanager/templates/mirrormanager-prod.cfg.erb
> b/modules/mirrormanager/templates/mirrormanager-prod.cfg.erb index
> 32c3d91..a3674b6 100644 ---
> a/modules/mirrormanager/templates/mirrormanager-prod.cfg.erb +++
> b/modules/mirrormanager/templates/mirrormanager-prod.cfg.erb @@ -61,6
> +61,7 @@
> identity.saprovider.model.visit="fedora.accounts.t gfas.VisitIdentity"
> visit.manager="jsonfas2"
> visit.saprovider.model="fedora.accounts.tgfas.Visi t"
> visit.cookie.secure = True +visit.cookie.httponly = True
> mirrormanager.admin_group = 'sysadmin-web'
> mirrormanager.max_stale_days = 2 diff --git
> a/modules/smolt/templates/prod.cfg.erb
> b/modules/smolt/templates/prod.cfg.erb index 0e10dbd..2c34b3d 100644
> --- a/modules/smolt/templates/prod.cfg.erb +++
> b/modules/smolt/templates/prod.cfg.erb @@ -60,6 +60,9 @@
> tg.strict_parameters = True tg.ignore_parameters = ["_csrf_token"]
> tg.scheduler = True
>
> +visit.cookie.secure = True
> +visit.cookie.httponly = True
> +
> # LOGGING
> # Logging configuration generally follows the style of the standard
> # Python logging module configuration. Note that when specifying

+1

-sv
_______________________________________________
infrastructure mailing list
infrastructure@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/infrastructure

Freeze Break request: set httponly True in all our TG1 apps

+1

-Toshio
On Fri, Mar 23, 2012 at 02:23:09PM -0400, seth vidal wrote:
> On Fri, 23 Mar 2012 12:22:04 -0600
> Kevin Fenzi <kevin@scrye.com> wrote:
>
> > Greetings.
> >
> > See this ticket for some background:
> >
> > https://fedorahosted.org/fedora-infrastructure/ticket/3022
> >
> > I have tested all these in staging, so I don't think there will be any
> > issues with anything, but if so we can always revert pretty easily.
> > I also set secure on all our TG1 apps that didn't have that set.
> >
> > +1s?
> >
> > kevin
> > --
> > diff --git a/modules/bodhi/templates/bodhi-prod.cfg.erb
> > b/modules/bodhi/templates/bodhi-prod.cfg.erb index 9c176de..d554253
> > 100644 --- a/modules/bodhi/templates/bodhi-prod.cfg.erb
> > +++ b/modules/bodhi/templates/bodhi-prod.cfg.erb
> > @@ -71,6 +71,7 @@
> > identity.saprovider.model.visit="fedora.accounts.t gfas.VisitIdentity"
> > visit.manager="jsonfas2"
> > visit.saprovider.model="fedora.accounts.tgfas.Visi t"
> > visit.cookie.secure = True +visit.cookie.httponly = True
> >
> > # Our identity that we use to fetch bugzilla details and such
> > bodhi_password='<%= bodhiBugzillaPassword %>'
> > diff --git a/modules/elections/templates/elections-prod.cfg.erb
> > b/modules/elections/templates/elections-prod.cfg.erb index
> > d1bfc24..0b379fd 100644 ---
> > a/modules/elections/templates/elections-prod.cfg.erb +++
> > b/modules/elections/templates/elections-prod.cfg.erb @@ -45,6 +45,9
> > @@ autoreload.on=False autoreload.package="elections"
> > server.log_to_screen=False
> >
> > +visit.cookie.secure = True
> > +visit.cookie.httponly = True
> > +
> > # Auto-Reload after code modification
> > # autoreload.on = True
> >
> > diff --git a/modules/fas/templates/fas.cfg.erb
> > b/modules/fas/templates/fas.cfg.erb index 08b58ff..3232b40 100644
> > --- a/modules/fas/templates/fas.cfg.erb
> > +++ b/modules/fas/templates/fas.cfg.erb
> > @@ -117,7 +117,7 @@ server.log_to_screen = False
> > # Make the session cookie only return to the host over an SSL link
> > visit.cookie.secure = True
> > session_filter.cookie_secure = True
> > -
> > +visit.cookie.httponly = True
> >
> > ###
> > ### Communicating to other services
> > diff --git
> > a/modules/mirrormanager/templates/mirrormanager-prod.cfg.erb
> > b/modules/mirrormanager/templates/mirrormanager-prod.cfg.erb index
> > 32c3d91..a3674b6 100644 ---
> > a/modules/mirrormanager/templates/mirrormanager-prod.cfg.erb +++
> > b/modules/mirrormanager/templates/mirrormanager-prod.cfg.erb @@ -61,6
> > +61,7 @@
> > identity.saprovider.model.visit="fedora.accounts.t gfas.VisitIdentity"
> > visit.manager="jsonfas2"
> > visit.saprovider.model="fedora.accounts.tgfas.Visi t"
> > visit.cookie.secure = True +visit.cookie.httponly = True
> > mirrormanager.admin_group = 'sysadmin-web'
> > mirrormanager.max_stale_days = 2 diff --git
> > a/modules/smolt/templates/prod.cfg.erb
> > b/modules/smolt/templates/prod.cfg.erb index 0e10dbd..2c34b3d 100644
> > --- a/modules/smolt/templates/prod.cfg.erb +++
> > b/modules/smolt/templates/prod.cfg.erb @@ -60,6 +60,9 @@
> > tg.strict_parameters = True tg.ignore_parameters = ["_csrf_token"]
> > tg.scheduler = True
> >
> > +visit.cookie.secure = True
> > +visit.cookie.httponly = True
> > +
> > # LOGGING
> > # Logging configuration generally follows the style of the standard
> > # Python logging module configuration. Note that when specifying
>
>
> +1
>
> -sv

> _______________________________________________
> infrastructure mailing list
> infrastructure@lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/infrastructure

_______________________________________________
infrastructure mailing list
infrastructure@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/infrastructure