Adding the HTTPONLY cookie header to secure_cookies
Change-Id: Ic34170530b260b426fd65ac96aa5f494591c2ff1
Closes-Bug: #1860608
(cherry picked from commit fc6226565b
)
This commit is contained in:
parent
3c12384f9b
commit
191cc05adf
|
@ -154,6 +154,7 @@ describe 'horizon' do
|
|||
"SECURE_PROXY_ADDR_HEADER = 'HTTP_X_FORWARDED_FOR'",
|
||||
'CSRF_COOKIE_SECURE = True',
|
||||
'SESSION_COOKIE_SECURE = True',
|
||||
'SESSION_COOKIE_HTTPONLY = True',
|
||||
" 'identity': 2.0,",
|
||||
"OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = True",
|
||||
"OPENSTACK_KEYSTONE_DEFAULT_DOMAIN = 'domain.tld'",
|
||||
|
|
|
@ -71,9 +71,11 @@ SECURE_PROXY_ADDR_HEADER = '<%= @secure_proxy_addr_header %>'
|
|||
<% if @secure_cookies %>
|
||||
CSRF_COOKIE_SECURE = True
|
||||
SESSION_COOKIE_SECURE = True
|
||||
SESSION_COOKIE_HTTPONLY = True
|
||||
<% else %>
|
||||
#CSRF_COOKIE_SECURE = True
|
||||
#SESSION_COOKIE_SECURE = True
|
||||
#SESSION_COOKIE_HTTPONLY = True
|
||||
<% end %>
|
||||
|
||||
# Overrides for OpenStack API versions. Use this setting to force the
|
||||
|
|
Loading…
Reference in New Issue