Adding the HTTPONLY cookie header to secure_cookies

Change-Id: Ic34170530b260b426fd65ac96aa5f494591c2ff1
Closes-Bug: #1860608
This commit is contained in:
Marc Methot 2020-01-22 16:25:53 -05:00
parent d0639c29ec
commit fc6226565b
2 changed files with 3 additions and 0 deletions

View File

@ -152,6 +152,7 @@ describe 'horizon' do
"SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https')",
'CSRF_COOKIE_SECURE = True',
'SESSION_COOKIE_SECURE = True',
'SESSION_COOKIE_HTTPONLY = True',
" 'identity': 2.0,",
"OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = True",
"OPENSTACK_KEYSTONE_DEFAULT_DOMAIN = 'domain.tld'",

View File

@ -65,9 +65,11 @@ SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https')
<% if @secure_cookies %>
CSRF_COOKIE_SECURE = True
SESSION_COOKIE_SECURE = True
SESSION_COOKIE_HTTPONLY = True
<% else %>
#CSRF_COOKIE_SECURE = True
#SESSION_COOKIE_SECURE = True
#SESSION_COOKIE_HTTPONLY = True
<% end %>
# Overrides for OpenStack API versions. Use this setting to force the