Merge "fix(security): update horizon setting"

2020-06-08 22:58:09 +00:00 · 2020-06-08 22:58:09 +00:00 · 5785a46ab3
commit 5785a46ab3
parent 16ea83e11c d122223214
1 changed files with 4 additions and 3 deletions
--- a/horizon/values.yaml
+++ b/horizon/values.yaml
@ -185,12 +185,13 @@ conf:
        debug: "False"
        keystone_multidomain_support: "True"
        keystone_default_domain: Default
-        disable_password_reveal: "False"
+        disable_password_reveal: "True"
        csrf_cookie_secure: "False"
+        enforce_password_check: "True"
        session_cookie_secure: "False"
        session_cookie_httponly: "False"
        secure_proxy_ssl_header: false
-        password_autocomplete: "off"
+        password_autocomplete: "False"
        disallow_iframe_embed: "False"
        allowed_hosts:
          - '*'
@ -593,7 +594,7 @@ conf:
        # Set this to True to display an 'Admin Password' field on the Change Password
        # form to verify that it is indeed the admin logged-in who wants to change
        # the password.
-        # ENFORCE_PASSWORD_CHECK = False
+        ENFORCE_PASSWORD_CHECK = {{ .Values.conf.horizon.local_settings.config.enforce_password_check }}

        # Modules that provide /auth routes that can be used to handle different types
        # of user authentication. Add auth plugins that require extra route handling to