From d8c0c33012d9a75e980f9f6cef59367594258af9 Mon Sep 17 00:00:00 2001 From: Ben Nemec Date: Thu, 8 Jun 2017 16:28:34 -0500 Subject: [PATCH] Change HorizonSecureCookies default to False HorizonSecureCookies is incompatible with non-ssl deployments, which is our default deployment method. When SSL is in use, it can be turned on in the enable-tls.yaml file. This does mean that existing users won't automatically get this feature turned on as part of their upgrade because enable-tls.yaml is an environment that is intended to be copied and edited, but it's simple to add the parameter to the file for users who want that behavior after they upgrade to a version where it is available. Change-Id: If83d3d8709fc4e0c09569e8bf524721d332bf560 Closes-Bug: 1696861 --- environments/enable-tls.yaml | 1 + puppet/services/horizon.yaml | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/environments/enable-tls.yaml b/environments/enable-tls.yaml index 39ded65461..481459cba5 100644 --- a/environments/enable-tls.yaml +++ b/environments/enable-tls.yaml @@ -2,6 +2,7 @@ # For these values to take effect, one of the tls-endpoints-*.yaml environments # must also be used. parameter_defaults: + HorizonSecureCookies: True SSLCertificate: | The contents of your certificate go here SSLIntermediateCertificate: '' diff --git a/puppet/services/horizon.yaml b/puppet/services/horizon.yaml index 93bced8bee..092d072060 100644 --- a/puppet/services/horizon.yaml +++ b/puppet/services/horizon.yaml @@ -55,7 +55,7 @@ parameters: HorizonSecureCookies: description: Set CSRF_COOKIE_SECURE / SESSION_COOKIE_SECURE in Horizon type: boolean - default: true + default: false MemcachedIPv6: default: false description: Enable IPv6 features in Memcached.