Make session and csrf cookies secure by default

2026-03-11 22:49:32 -02:30 · 2017-01-11 10:39:24 -05:00
parent 8526004408
commit 8796af7e28
2 changed files with 11 additions and 5 deletions
--- a/awx/settings/defaults.py
+++ b/awx/settings/defaults.py
@@ -163,6 +163,12 @@ MAX_EVENT_RES_DATA = 700000
 # Note: This setting may be overridden by database settings.
 EVENT_STDOUT_MAX_BYTES_DISPLAY = 1024
 # Disallow sending session cookies over insecure connections
 SESSION_COOKIE_SECURE = True
 # Disallow sending csrf cookies over insecure connections
 CSRF_COOKIE_SECURE = True
 TEMPLATE_CONTEXT_PROCESSORS = (  # NOQA
    'django.contrib.auth.context_processors.auth',
    'django.core.context_processors.debug',
--- a/awx/settings/development.py
+++ b/awx/settings/development.py
@@ -24,11 +24,11 @@ ALLOWED_HOSTS = ['*']
 mimetypes.add_type("image/svg+xml", ".svg", True)
 mimetypes.add_type("image/svg+xml", ".svgz", True)
-MONGO_HOST = '127.0.0.1'
+# Disallow sending session cookies over insecure connections
-MONGO_PORT = 27017
+SESSION_COOKIE_SECURE = False
-MONGO_USERNAME = None
+
-MONGO_PASSWORD = None
+# Disallow sending csrf cookies over insecure connections
-MONGO_DB = 'system_tracking_dev'
+CSRF_COOKIE_SECURE = False
 # Override django.template.loaders.cached.Loader in defaults.py
 TEMPLATE_LOADERS = (