Adding the HTTPONLY cookie header to secure_cookies
Change-Id: Ic34170530b260b426fd65ac96aa5f494591c2ff1 Closes-Bug: #1860608
This commit is contained in:
parent
d0639c29ec
commit
fc6226565b
|
@ -152,6 +152,7 @@ describe 'horizon' do
|
|||
"SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https')",
|
||||
'CSRF_COOKIE_SECURE = True',
|
||||
'SESSION_COOKIE_SECURE = True',
|
||||
'SESSION_COOKIE_HTTPONLY = True',
|
||||
" 'identity': 2.0,",
|
||||
"OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = True",
|
||||
"OPENSTACK_KEYSTONE_DEFAULT_DOMAIN = 'domain.tld'",
|
||||
|
|
|
@ -65,9 +65,11 @@ SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https')
|
|||
<% if @secure_cookies %>
|
||||
CSRF_COOKIE_SECURE = True
|
||||
SESSION_COOKIE_SECURE = True
|
||||
SESSION_COOKIE_HTTPONLY = True
|
||||
<% else %>
|
||||
#CSRF_COOKIE_SECURE = True
|
||||
#SESSION_COOKIE_SECURE = True
|
||||
#SESSION_COOKIE_HTTPONLY = True
|
||||
<% end %>
|
||||
|
||||
# Overrides for OpenStack API versions. Use this setting to force the
|
||||
|
|
Loading…
Reference in New Issue