Public bug reported: See: http://docs.openstack.org/developer/horizon/topics/deployment.html #secure-site-recommendations
The docs recommend setting SESSION_COOKIE_HTTPONLY = True, however this is already the default: https://github.com/openstack/horizon/blob/master/openstack_dashboard/settings.py#L166 When I tried to add this line to the example config file I was told it's already default and not needed there, since that is the case, the docs need to be fixed. See discussion in: https://review.openstack.org/#/c/101259/ <david-lyle> I don't agree with your change, https://github.com/openstack/horizon/blob/master/openstack_dashboard/settings.py#L166 already sets that <mfisch> so then its a doc bug <mfisch> see my comment <mfisch> I'll file a doc bug ** Affects: horizon Importance: Undecided Status: New ** Tags: low-hanging-fruit -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to OpenStack Dashboard (Horizon). https://bugs.launchpad.net/bugs/1333407 Title: Secure Site Recommendations recommends setting a flag that is already default Status in OpenStack Dashboard (Horizon): New Bug description: See: http://docs.openstack.org/developer/horizon/topics/deployment.html #secure-site-recommendations The docs recommend setting SESSION_COOKIE_HTTPONLY = True, however this is already the default: https://github.com/openstack/horizon/blob/master/openstack_dashboard/settings.py#L166 When I tried to add this line to the example config file I was told it's already default and not needed there, since that is the case, the docs need to be fixed. See discussion in: https://review.openstack.org/#/c/101259/ <david-lyle> I don't agree with your change, https://github.com/openstack/horizon/blob/master/openstack_dashboard/settings.py#L166 already sets that <mfisch> so then its a doc bug <mfisch> see my comment <mfisch> I'll file a doc bug To manage notifications about this bug go to: https://bugs.launchpad.net/horizon/+bug/1333407/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : yahoo-eng-team@lists.launchpad.net Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp
