yahoo-eng-team team mailing list archive

Thread
Date

[Bug 1333407] Re: Secure Site Recommendations recommends setting a flag that is already default

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: Russell Bryant <1333407@xxxxxxxxxxxxxxxxxx>
Date: Wed, 23 Jul 2014 19:39:48 -0000
Reply-to: Bug 1333407 <1333407@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

** Changed in: horizon
       Status: Fix Committed => Fix Released

** Changed in: horizon
    Milestone: None => juno-2

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Dashboard (Horizon).
https://bugs.launchpad.net/bugs/1333407

Title:
  Secure Site Recommendations recommends setting a flag that is already
  default

Status in OpenStack Dashboard (Horizon):
  Fix Released

Bug description:
  See:
  http://docs.openstack.org/developer/horizon/topics/deployment.html
  #secure-site-recommendations

  The docs recommend setting SESSION_COOKIE_HTTPONLY = True, however
  this is already the default:

  https://github.com/openstack/horizon/blob/master/openstack_dashboard/settings.py#L166

  When I tried to add this line to the example config file I was told
  it's already default and not needed there, since that is the case, the
  docs need to be fixed.

  
  See discussion in:

  https://review.openstack.org/#/c/101259/

  
   <david-lyle> I don't agree with your change, https://github.com/openstack/horizon/blob/master/openstack_dashboard/settings.py#L166 already sets that
   <mfisch> so then its a doc bug
   <mfisch> see my comment
   <mfisch> I'll file a doc bug

To manage notifications about this bug go to:
https://bugs.launchpad.net/horizon/+bug/1333407/+subscriptions

References

[Bug 1333407] [NEW] Secure Site Recommendations recommends setting a flag that is already default
From: Matt Fischer, 2014-06-23