yahoo-eng-team team mailing list archive

Thread
Date

[Bug 1333407] [NEW] Secure Site Recommendations recommends setting a flag that is already default

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: Matt Fischer <matt@xxxxxxxxxxxxxxx>
Date: Mon, 23 Jun 2014 20:20:58 -0000
Reply-to: Bug 1333407 <1333407@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

Public bug reported:

See: http://docs.openstack.org/developer/horizon/topics/deployment.html
#secure-site-recommendations

The docs recommend setting SESSION_COOKIE_HTTPONLY = True, however this
is already the default:

https://github.com/openstack/horizon/blob/master/openstack_dashboard/settings.py#L166

When I tried to add this line to the example config file I was told it's
already default and not needed there, since that is the case, the docs
need to be fixed.


See discussion in:

https://review.openstack.org/#/c/101259/


 <david-lyle> I don't agree with your change, https://github.com/openstack/horizon/blob/master/openstack_dashboard/settings.py#L166 already sets that
 <mfisch> so then its a doc bug
 <mfisch> see my comment
 <mfisch> I'll file a doc bug

** Affects: horizon
     Importance: Undecided
         Status: New


** Tags: low-hanging-fruit

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Dashboard (Horizon).
https://bugs.launchpad.net/bugs/1333407

Title:
  Secure Site Recommendations recommends setting a flag that is already
  default

Status in OpenStack Dashboard (Horizon):
  New

Bug description:
  See:
  http://docs.openstack.org/developer/horizon/topics/deployment.html
  #secure-site-recommendations

  The docs recommend setting SESSION_COOKIE_HTTPONLY = True, however
  this is already the default:

  https://github.com/openstack/horizon/blob/master/openstack_dashboard/settings.py#L166

  When I tried to add this line to the example config file I was told
  it's already default and not needed there, since that is the case, the
  docs need to be fixed.

  
  See discussion in:

  https://review.openstack.org/#/c/101259/

  
   <david-lyle> I don't agree with your change, https://github.com/openstack/horizon/blob/master/openstack_dashboard/settings.py#L166 already sets that
   <mfisch> so then its a doc bug
   <mfisch> see my comment
   <mfisch> I'll file a doc bug

To manage notifications about this bug go to:
https://bugs.launchpad.net/horizon/+bug/1333407/+subscriptions

Follow ups

[Bug 1333407] Re: Secure Site Recommendations recommends setting a flag that is already default
From: Russell Bryant, 2014-07-23
[Bug 1333407] [NEW] Secure Site Recommendations recommends setting a flag that is already default
From: Matt Fischer, 2014-06-23

References

[Bug 1333407] [NEW] Secure Site Recommendations recommends setting a flag that is already default
From: Matt Fischer, 2014-06-23