enh: set up cookies more strictly
paulmueller committed Jan 26, 2024
1 parent b7f2c1d commit 553f6f9
Showing 3 changed files with 19 additions and 7 deletions.
1 change: 1 addition & 0 deletions CHANGELOG
@@ -1,5 +1,6 @@
0.9.6
- enh: always encrypt beaker session cookies
- enh: set up cookies more strictly
- ref: migrate to dcor_shared 0.6.0
- setup: pin uwsgi==2.0.21 due to non-working harakiri
0.9.5
19 changes: 14 additions & 5 deletions dcor_control/resources/dcor_options.ini
Expand Up @@ -73,13 +73,22 @@ ckanext.dcor_schemas.json_resource_schema_dir = package
ckan.csrf_protection.ignore_extensions = false


# cookies
beaker.session.type = cookie
# general ckan session cookies
# 90 days validity
beaker.session.cookie_expires = 7776000
beaker.session.crypto_type = cryptography
# Optimal would be "json", but there were issues with `datetime`
# objects that could not be jsonified.
beaker.session.data_serializer = pickle
beaker.session.httponly = true
beaker.session.secure = true
beaker.session.samesite = Strict
beaker.session.httponly = true
beaker.session.crypto_type = cryptography
beaker.session.secure = true
beaker.session.type = cookie

# flask login session cookies
REMEMBER_COOKIE_NAME = remember_token
# 90 days validity
REMEMBER_COOKIE_DURATION = 7776000
REMEMBER_COOKIE_SECURE = true
REMEMBER_COOKIE_HTTPONLY = true
REMEMBER_COOKIE_SAMESITE = Strict
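Review bot: `SameSite=Strict` on both the beaker session cookie (`beaker.session.samesite = Strict`) and the remember cookie (`REMEMBER_COOKIE_SAMESITE = Strict`) means a top-level navigation into the site from another origin, such as a dataset link in an e-mail or on another site, arrives without either cookie, so a logged-in user lands logged out and has to reload or sign in again. CKAN's CSRF protection is already enabled (the `ckan.csrf_protection.ignore_extensions` line at the top of the hunk), which covers cross-site state-changing requests, so `Lax` would keep that protection while letting cross-site links stay authenticated. If `Strict` is the intended trade-off, a comment such as `# Strict also drops the session on cross-site links into DCOR; intentional` beside the two settings would record the decision. Next to, but not part of, this change: the `data_serializer = pickle` comment could state that the pickled payload is only loaded after the cookie has been decrypted and its signature checked (the `crypto_type = cryptography` setting), since that is the property that makes the pickle choice acceptable and it is not obvious from the file.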
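--- a/dcor_control/resources/server_options.json
+++ b/dcor_control/resources/server_options.json
@@ -85,9 +85,11 @@
 "includes": {
 "general": {
 "ckan.ini": {
-"sqlalchemy.url": "postgresql://ckan_default:<TEMPLATE:PGSQLPASS>@localhost/ckan_default",
+"beaker.session.domain": "<TEMPLATE:HOSTNAME>",
+"ckan.storage_path": "/data/ckan-<TEMPLATE:HOSTNAME>",
 "ckanext.dcor_depot.users_depot_name": "users-<TEMPLATE:HOSTNAME>",
-"ckan.storage_path": "/data/ckan-<TEMPLATE:HOSTNAME>"
+"REMEMBER_COOKIE_DOMAIN": "<TEMPLATE:HOSTNAME>",
+"sqlalchemy.url": "postgresql://ckan_default:<TEMPLATE:PGSQLPASS>@localhost/ckan_default"
 }
 },
 "garching": {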
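Review bot: Setting `beaker.session.domain` and `REMEMBER_COOKIE_DOMAIN` to `<TEMPLATE:HOSTNAME>` widens the cookie scope rather than narrowing it: a cookie carrying an explicit Domain attribute is sent to that host and to every subdomain of it, whereas a cookie with no Domain attribute is host-only and goes to `<TEMPLATE:HOSTNAME>` alone. Unless DCOR deliberately shares the login session with subdomains, leaving both keys unset is the stricter configuration that the commit title describes; if sharing across subdomains is intended, the CHANGELOG entry or the documentation for these template keys should say so, because the JSON file itself has no place for a comment. It is also worth confirming that the hostname template is never rendered with a port or scheme, since browsers discard a cookie whose Domain value does not match the request host. The enclosing `general` object continues outside the hunk.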
