Enable SESSION_COOKIE_SECURE & CSRF_COOKIE_SECURE
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
tripleo |
Fix Released
|
Medium
|
Luke Hinds |
Bug Description
Currently SESSION_
If SESSION_
This launchpad is means to track that when 'TLS everywhere' is implemented and the TLS runs on the internal connection of horizon / apache too, we also enable SESSION_
HTTPS redirects can also be implemented under the TLS everywhere work using SECURE_SSL_REDIRECT and *possibly* for HTTP Strict Transport Security using SECURE_HSTS_SECONDS and SECURE_
Details of each setting type may be found in the following:
https:/
Changed in tripleo: | |
status: | New → Triaged |
Changed in tripleo: | |
milestone: | none → ocata-3 |
description: | updated |
description: | updated |
Changed in tripleo: | |
milestone: | ocata-3 → pike-1 |
Changed in tripleo: | |
milestone: | pike-1 → ocata-3 |
status: | Fix Committed → Fix Released |
Changed in tripleo: | |
assignee: | nobody → Luke Hinds (lhinds) |
Patches have landed for this now:
http:// git.openstack. org/cgit/ openstack/ puppet- horizon/ tree/templates/ local_settings. py.erb# n52
Will close.