Implement "CSRF_COOKIE_HTTPONLY" option support in horizon

The HTTP only flag protects the session cookies from
cross-site scripting.

Change-Id: Iec07b3b447051726ce218e5f31c8bf583731a90c
This commit is contained in:
Gayathri Devi Kathiri 2021-04-06 16:48:31 +00:00
parent 34c3cd4adf
commit 64cf176bef
4 changed files with 5 additions and 1 deletions

View File

@ -14,7 +14,7 @@ apiVersion: v1
appVersion: v1.0.0 appVersion: v1.0.0
description: OpenStack-Helm Horizon description: OpenStack-Helm Horizon
name: horizon name: horizon
version: 0.1.7 version: 0.1.8
home: https://docs.openstack.org/horizon/latest/ home: https://docs.openstack.org/horizon/latest/
icon: https://www.openstack.org/themes/openstack/images/project-mascots/Horizon/OpenStack_Project_Horizon_vertical.png icon: https://www.openstack.org/themes/openstack/images/project-mascots/Horizon/OpenStack_Project_Horizon_vertical.png
sources: sources:

View File

@ -188,6 +188,7 @@ conf:
keystone_default_domain: Default keystone_default_domain: Default
disable_password_reveal: "True" disable_password_reveal: "True"
csrf_cookie_secure: "False" csrf_cookie_secure: "False"
csrf_cookie_httponly: "False"
enforce_password_check: "True" enforce_password_check: "True"
# Set enable_pwd_validator to true to enforce password validator settings. # Set enable_pwd_validator to true to enforce password validator settings.
enable_pwd_validator: false enable_pwd_validator: false
@ -275,6 +276,7 @@ conf:
# settings to better secure the cookies from security exploits # settings to better secure the cookies from security exploits
USE_SSL = {{ .Values.conf.horizon.local_settings.config.use_ssl }} USE_SSL = {{ .Values.conf.horizon.local_settings.config.use_ssl }}
CSRF_COOKIE_SECURE = {{ .Values.conf.horizon.local_settings.config.csrf_cookie_secure }} CSRF_COOKIE_SECURE = {{ .Values.conf.horizon.local_settings.config.csrf_cookie_secure }}
CSRF_COOKIE_HTTPONLY = {{ .Values.conf.horizon.local_settings.config.csrf_cookie_httponly }}
SESSION_COOKIE_SECURE = {{ .Values.conf.horizon.local_settings.config.session_cookie_secure }} SESSION_COOKIE_SECURE = {{ .Values.conf.horizon.local_settings.config.session_cookie_secure }}
SESSION_COOKIE_HTTPONLY = {{ .Values.conf.horizon.local_settings.config.session_cookie_httponly }} SESSION_COOKIE_HTTPONLY = {{ .Values.conf.horizon.local_settings.config.session_cookie_httponly }}

View File

@ -73,6 +73,7 @@ conf:
config: config:
use_ssl: "True" use_ssl: "True"
csrf_cookie_secure: "True" csrf_cookie_secure: "True"
csrf_cookie_httponly: "True"
enforce_password_check: "True" enforce_password_check: "True"
session_cookie_secure: "True" session_cookie_secure: "True"
session_cookie_httponly: "True" session_cookie_httponly: "True"

View File

@ -8,4 +8,5 @@ horizon:
- 0.1.5 Revert - Change Issuer to ClusterIssuer - 0.1.5 Revert - Change Issuer to ClusterIssuer
- 0.1.6 Change Issuer to ClusterIssuer - 0.1.6 Change Issuer to ClusterIssuer
- 0.1.7 Update glance default policy values - 0.1.7 Update glance default policy values
- 0.1.8 Implement "CSRF_COOKIE_HTTPONLY" option support in horizon
... ...