Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Make secure_cookie set SESSION_COOKIE_SECURE #68

Merged
merged 2 commits into from
Aug 10, 2023
Merged

Make secure_cookie set SESSION_COOKIE_SECURE #68

merged 2 commits into from
Aug 10, 2023

Conversation

joseph-sentry
Copy link
Contributor

Purpose/Motivation

Allow the SESSION_COOKIE_SECURE option in Django to be configurable.

Links to relevant tickets

codecov/shared#20
codecov/engineering-team#124

What does this PR do?

  • Set SESSION_COOKIE_SECURE in settings_base.py using get_config

@joseph-sentry joseph-sentry marked this pull request as ready for review August 4, 2023 21:40
@joseph-sentry joseph-sentry linked an issue Aug 4, 2023 that may be closed by this pull request
Allow configuration of secure session cookie in Django codecov/engineering-team#124
Closed
@codecov-staging
Copy link

codecov-staging bot commented Aug 4, 2023
edited

Codecov Report

Patch coverage: 100.00% and no project coverage change.

Comparison is base (9e4eb01) 95.21% compared to head (97606ae) 95.21%.

Additional details and impacted files 
@@           Coverage Diff           @@
##             main      #68   +/-   ##
=======================================
  Coverage   95.21%   95.21%           
=======================================
  Files         578      578           
  Lines       14474    14474           
=======================================
+ Hits        13781    13782    +1     
+ Misses        693      692    -1
Flag Coverage Δ
unit 95.21% <100.00%> (+<0.01%) ⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

Files Changed Coverage Δ
codecov/settings_staging.py 0.00% <ø> (ø)
codecov/settings_base.py 84.21% <100.00%> (+0.09%) ⬆️

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

@codecov
Copy link

codecov bot commented Aug 4, 2023
edited

Codecov Report

Merging #68 (97606ae) into main (9e4eb01) will not change coverage.
The diff coverage is 100.00%.

@@          Coverage Diff          @@
##            main     #68   +/-   ##
=====================================
  Coverage   95.27   95.27           
=====================================
  Files        691     691           
  Lines      14645   14645           
=====================================
+ Hits       13952   13953    +1     
+ Misses       693     692    -1
Flag Coverage Δ
unit 95.21% <100.00%> (+<0.01%) ⬆️
unit-latest-uploader 95.21% <100.00%> (+<0.01%) ⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

Files Changed Coverage Δ
codecov/settings_staging.py 0.00% <ø> (ø)
codecov/settings_base.py 84.21% <100.00%> (+0.09%) ⬆️

@matt-codecov
Copy link
Contributor

from a quick search it looks like this is on in staging but otherwise not referenced? and the default is false in the django docs, so this has the effect of turning it on by default for local and prod. right? do people need to add anything to their codecov.yml to keep their local setups working? do we need to do anything to prepare prod?

matt-codecov
matt-codecov approved these changes Aug 9, 2023
View reviewed changes
Copy link
Contributor

@matt-codecov matt-codecov left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

approved, with the expectation that either:

  • you'll change default=False and then add opt prod/local environments in when tested
  • you'll do a little legwork to make sure flipping this to True doesn't require any other changes to work correctly

@joseph-sentry
Make secure_cookie set SESSION_COOKIE_SECURE
511d4f7 
Signed-off-by: joseph-sentry <joseph.sawaya@sentry.io>
@joseph-sentry
Remove SESSION_COOKIE_SECURE from settings_staging
97606ae 
Signed-off-by: joseph-sentry <joseph.sawaya@sentry.io>
@joseph-sentry joseph-sentry merged commit 8fb4109 into main Aug 10, 2023
12 checks passed
@joseph-sentry joseph-sentry deleted the joseph/add-secure-cookie branch August 10, 2023 14:36
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@matt-codecov matt-codecov matt-codecov approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Allow configuration of secure session cookie in Django
2 participants
@joseph-sentry @matt-codecov