🔒️(all) set session cookie secure to True as default
We relied on OpenEdX's default value for this setting but it is
unsecure.
sampaccoud committed Sep 28, 2021
1 parent e36b1c7 commit d2bf8afe38e717d8ffb9705578035ea0bbb76688
Showing with 109 additions and 38 deletions.
  1. +80 −16 .circleci/config.yml
  2. +4 −0 releases/dogwood/3/fun/CHANGELOG.md
  3. +1 −1 releases/dogwood/3/fun/config/cms/docker_run_production.py
  4. +1 −1 releases/dogwood/3/fun/config/lms/docker_run_production.py
  5. +1 −0 releases/eucalyptus/3/bare/CHANGELOG.md
  6. +1 −1 releases/eucalyptus/3/bare/config/cms/docker_run_production.py
  7. +1 −1 releases/eucalyptus/3/bare/config/lms/docker_run_production.py
  8. +4 −0 releases/eucalyptus/3/wb/CHANGELOG.md
  9. +1 −1 releases/eucalyptus/3/wb/config/cms/docker_run_production.py
  10. +1 −1 releases/eucalyptus/3/wb/config/lms/docker_run_production.py
  11. +1 −0 releases/hawthorn/1/bare/CHANGELOG.md
  12. +1 −1 releases/hawthorn/1/bare/config/cms/docker_run_production.py
  13. +1 −1 releases/hawthorn/1/bare/config/lms/docker_run_production.py
  14. +1 −0 releases/hawthorn/1/oee/CHANGELOG.md
  15. +1 −1 releases/hawthorn/1/oee/config/cms/docker_run_production.py
  16. +1 −1 releases/hawthorn/1/oee/config/lms/docker_run_production.py
  17. +1 −0 releases/ironwood/2/bare/CHANGELOG.md
  18. +1 −1 releases/ironwood/2/bare/config/cms/docker_run_production.py
  19. +1 −1 releases/ironwood/2/bare/config/lms/docker_run_production.py
  20. +1 −0 releases/ironwood/2/oee/CHANGELOG.md
  21. +1 −1 releases/ironwood/2/oee/config/cms/docker_run_production.py
  22. +1 −1 releases/ironwood/2/oee/config/lms/docker_run_production.py
  23. +0 −6 releases/master/0/bare/CHANGELOG.md
  24. +1 −1 releases/master/0/bare/config/cms/docker_run_production.py
  25. +1 −1 releases/master/0/bare/config/lms/docker_run_production.py
@@ -163,14 +163,30 @@ jobs:
#
# Note that the job name should match the EDX_RELEASE value

# No changes detected for dogwood.3-fun
# No changes detected for eucalyptus.3-bare
# No changes detected for eucalyptus.3-wb
# No changes detected for hawthorn.1-bare
# No changes detected for hawthorn.1-oee
# No changes detected for ironwood.2-bare
# No changes detected for ironwood.2-oee
# No changes detected for master.0-bare
# Run jobs for the dogwood.3-fun release
dogwood.3-fun:
<<: [*defaults, *build_steps]
# Run jobs for the eucalyptus.3-bare release
eucalyptus.3-bare:
<<: [*defaults, *build_steps]
# Run jobs for the eucalyptus.3-wb release
eucalyptus.3-wb:
<<: [*defaults, *build_steps]
# Run jobs for the hawthorn.1-bare release
hawthorn.1-bare:
<<: [*defaults, *build_steps]
# Run jobs for the hawthorn.1-oee release
hawthorn.1-oee:
<<: [*defaults, *build_steps]
# Run jobs for the ironwood.2-bare release
ironwood.2-bare:
<<: [*defaults, *build_steps]
# Run jobs for the ironwood.2-oee release
ironwood.2-oee:
<<: [*defaults, *build_steps]
# Run jobs for the master.0-bare release
master.0-bare:
<<: [*defaults, *build_steps]

# Hub job
hub:
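Review bot: the commit message only mentions the cookie default, yet in the jobs section here every "No changes detected for ..." placeholder becomes a live job for all eight releases. If .circleci/config.yml is regenerated from the changed release trees, say so in the commit message or keep the regeneration in its own commit, so the security change can be reviewed without the CI churn around it.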
@@ -259,14 +275,62 @@ workflows:

# Build jobs

# No changes detected so no job to run for dogwood.3-fun
# No changes detected so no job to run for eucalyptus.3-bare
# No changes detected so no job to run for eucalyptus.3-wb
# No changes detected so no job to run for hawthorn.1-bare
# No changes detected so no job to run for hawthorn.1-oee
# No changes detected so no job to run for ironwood.2-bare
# No changes detected so no job to run for ironwood.2-oee
# No changes detected so no job to run for master.0-bare
# Run jobs for the dogwood.3-fun release
- dogwood.3-fun:
requires:
- check-configuration
filters:
tags:
ignore: /.*/
# Run jobs for the eucalyptus.3-bare release
- eucalyptus.3-bare:
requires:
- check-configuration
filters:
tags:
ignore: /.*/
# Run jobs for the eucalyptus.3-wb release
- eucalyptus.3-wb:
requires:
- check-configuration
filters:
tags:
ignore: /.*/
# Run jobs for the hawthorn.1-bare release
- hawthorn.1-bare:
requires:
- check-configuration
filters:
tags:
ignore: /.*/
# Run jobs for the hawthorn.1-oee release
- hawthorn.1-oee:
requires:
- check-configuration
filters:
tags:
ignore: /.*/
# Run jobs for the ironwood.2-bare release
- ironwood.2-bare:
requires:
- check-configuration
filters:
tags:
ignore: /.*/
# Run jobs for the ironwood.2-oee release
- ironwood.2-oee:
requires:
- check-configuration
filters:
tags:
ignore: /.*/
# Run jobs for the master.0-bare release
- master.0-bare:
requires:
- check-configuration
filters:
tags:
ignore: /.*/

# We are pushing to Docker only images that are the result of a tag respecting the pattern:
# **{branch-name}-x.y.z**
@@ -9,6 +9,10 @@ release.

## [Unreleased]

### Fixed

- Set `SESSION_COOKIE_SECURE` to True by default

## [dogwood.3-fun-2.3.1] - 2021-08-19

### Fixed
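Review bot: the entry "Set `SESSION_COOKIE_SECURE` to True by default" does not tell operators what changes for them. With the Secure flag set, browsers send the session cookie over HTTPS only, so a deployment still served over plain HTTP loses its sessions after upgrading; suggest saying that in the entry, along with the fact that the value can still be overridden through the `SESSION_COOKIE_SECURE` configuration key.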
@@ -226,7 +226,7 @@
"SESSION_COOKIE_HTTPONLY", default=True, formatter=bool
)
SESSION_COOKIE_SECURE = config(
"SESSION_COOKIE_SECURE", default=SESSION_COOKIE_SECURE, formatter=bool
"SESSION_COOKIE_SECURE", default=True, formatter=bool
)
SESSION_ENGINE = config("SESSION_ENGINE", default="redis_sessions.session")
SESSION_SAVE_EVERY_REQUEST = config(
@@ -183,7 +183,7 @@
"SESSION_COOKIE_HTTPONLY", default=True, formatter=bool
)
SESSION_COOKIE_SECURE = config(
"SESSION_COOKIE_SECURE", default=SESSION_COOKIE_SECURE, formatter=bool
"SESSION_COOKIE_SECURE", default=True, formatter=bool
)
SESSION_ENGINE = config("SESSION_ENGINE", default="redis_sessions.session")
SESSION_SAVE_EVERY_REQUEST = config(
@@ -11,6 +11,7 @@ release.

### Fixed

- Set `SESSION_COOKIE_SECURE` to True by default
- Fix build after get-pip.py script moved location

## [eucalyptus.3-1.2.0] - 2020-05-14
@@ -210,7 +210,7 @@
"SESSION_COOKIE_HTTPONLY", default=True, formatter=bool
)
SESSION_COOKIE_SECURE = config(
"SESSION_COOKIE_SECURE", default=SESSION_COOKIE_SECURE, formatter=bool
"SESSION_COOKIE_SECURE", default=True, formatter=bool
)
SESSION_ENGINE = config(
"SESSION_ENGINE", default="django.contrib.sessions.backends.cache"
@@ -184,7 +184,7 @@
"SESSION_COOKIE_HTTPONLY", default=True, formatter=bool
)
SESSION_COOKIE_SECURE = config(
"SESSION_COOKIE_SECURE", default=SESSION_COOKIE_SECURE, formatter=bool
"SESSION_COOKIE_SECURE", default=True, formatter=bool
)
SESSION_SAVE_EVERY_REQUEST = config(
"SESSION_SAVE_EVERY_REQUEST", default=SESSION_SAVE_EVERY_REQUEST, formatter=bool
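Review bot: `SESSION_SAVE_EVERY_REQUEST` right below the changed call still takes its default from the upstream settings (`default=SESSION_SAVE_EVERY_REQUEST`), which is the pattern the commit message gives as the cause of this fix. A pass over the other settings in these files that inherit an upstream default would be worthwhile, pinning the security-relevant ones explicitly as is done here and for `SESSION_COOKIE_HTTPONLY`.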
@@ -9,6 +9,10 @@ release.

## [Unreleased]

### Fixed

- Set `SESSION_COOKIE_SECURE` to True by default

## [eucalyptus.3-wb-1.10.0] - 2021-08-17

### Changed
@@ -214,7 +214,7 @@
"SESSION_COOKIE_HTTPONLY", default=True, formatter=bool
)
SESSION_COOKIE_SECURE = config(
"SESSION_COOKIE_SECURE", default=SESSION_COOKIE_SECURE, formatter=bool
"SESSION_COOKIE_SECURE", default=True, formatter=bool
)
SESSION_ENGINE = config("SESSION_ENGINE", default="redis_sessions.session")
SESSION_SAVE_EVERY_REQUEST = config(
@@ -183,7 +183,7 @@
"SESSION_COOKIE_HTTPONLY", default=True, formatter=bool
)
SESSION_COOKIE_SECURE = config(
"SESSION_COOKIE_SECURE", default=SESSION_COOKIE_SECURE, formatter=bool
"SESSION_COOKIE_SECURE", default=True, formatter=bool
)
SESSION_ENGINE = config("SESSION_ENGINE", default="redis_sessions.session")
SESSION_SAVE_EVERY_REQUEST = config(
@@ -11,6 +11,7 @@ release.

### Fixed

- Set `SESSION_COOKIE_SECURE` to True by default
- Fix build by installing py2neo 3.1.2 from its github repository
- Fix build after get-pip.py script moved location
- Fix pip install for python 2.7
@@ -203,7 +203,7 @@
"SESSION_ENGINE", default="django.contrib.sessions.backends.cache"
)
SESSION_COOKIE_SECURE = config(
"SESSION_COOKIE_SECURE", default=SESSION_COOKIE_SECURE, formatter=bool
"SESSION_COOKIE_SECURE", default=True, formatter=bool
)
SESSION_SAVE_EVERY_REQUEST = config(
"SESSION_SAVE_EVERY_REQUEST", default=SESSION_SAVE_EVERY_REQUEST, formatter=bool
@@ -164,7 +164,7 @@
"SESSION_COOKIE_HTTPONLY", default=True, formatter=bool
)
SESSION_COOKIE_SECURE = config(
"SESSION_COOKIE_SECURE", default=SESSION_COOKIE_SECURE, formatter=bool
"SESSION_COOKIE_SECURE", default=True, formatter=bool
)
SESSION_SAVE_EVERY_REQUEST = config(
"SESSION_SAVE_EVERY_REQUEST", default=SESSION_SAVE_EVERY_REQUEST, formatter=bool
@@ -11,6 +11,7 @@ release.

### Fixed

- Set `SESSION_COOKIE_SECURE` to True by default
- Fix build by installing py2neo 3.1.2 from its github repository
- Fix build after get-pip.py script moved location

@@ -209,7 +209,7 @@
SESSION_ENGINE = config("SESSION_ENGINE", default="redis_sessions.session")

SESSION_COOKIE_SECURE = config(
"SESSION_COOKIE_SECURE", default=SESSION_COOKIE_SECURE, formatter=bool
"SESSION_COOKIE_SECURE", default=True, formatter=bool
)
SESSION_SAVE_EVERY_REQUEST = config(
"SESSION_SAVE_EVERY_REQUEST", default=SESSION_SAVE_EVERY_REQUEST, formatter=bool
@@ -198,7 +198,7 @@
"SESSION_COOKIE_HTTPONLY", default=True, formatter=bool
)
SESSION_COOKIE_SECURE = config(
"SESSION_COOKIE_SECURE", default=SESSION_COOKIE_SECURE, formatter=bool
"SESSION_COOKIE_SECURE", default=True, formatter=bool
)
SESSION_SAVE_EVERY_REQUEST = config(
"SESSION_SAVE_EVERY_REQUEST", default=SESSION_SAVE_EVERY_REQUEST, formatter=bool
@@ -11,6 +11,7 @@ release.

### Fixed

- Set `SESSION_COOKIE_SECURE` to True by default
- Fix build by installing py2neo 3.1.2 from its github repository
- Fix pip install for python 2.7

@@ -208,7 +208,7 @@
"SESSION_ENGINE", default="django.contrib.sessions.backends.cache"
)
SESSION_COOKIE_SECURE = config(
"SESSION_COOKIE_SECURE", default=SESSION_COOKIE_SECURE, formatter=bool
"SESSION_COOKIE_SECURE", default=True, formatter=bool
)
SESSION_SAVE_EVERY_REQUEST = config(
"SESSION_SAVE_EVERY_REQUEST", default=SESSION_SAVE_EVERY_REQUEST, formatter=bool
@@ -163,7 +163,7 @@
"SESSION_COOKIE_HTTPONLY", default=True, formatter=bool
)
SESSION_COOKIE_SECURE = config(
"SESSION_COOKIE_SECURE", default=SESSION_COOKIE_SECURE, formatter=bool
"SESSION_COOKIE_SECURE", default=True, formatter=bool
)
SESSION_SAVE_EVERY_REQUEST = config(
"SESSION_SAVE_EVERY_REQUEST", default=SESSION_SAVE_EVERY_REQUEST, formatter=bool
@@ -11,6 +11,7 @@ release.

### Fixed

- Set `SESSION_COOKIE_SECURE` to True by default
- Fix build by installing py2neo 3.1.2 from its github repository

## [ironwood.2-oee-1.0.4] - 2021-03-04
@@ -213,7 +213,7 @@
SESSION_ENGINE = config("SESSION_ENGINE", default="redis_sessions.session")

SESSION_COOKIE_SECURE = config(
"SESSION_COOKIE_SECURE", default=SESSION_COOKIE_SECURE, formatter=bool
"SESSION_COOKIE_SECURE", default=True, formatter=bool
)
SESSION_SAVE_EVERY_REQUEST = config(
"SESSION_SAVE_EVERY_REQUEST", default=SESSION_SAVE_EVERY_REQUEST, formatter=bool
@@ -197,7 +197,7 @@
"SESSION_COOKIE_HTTPONLY", default=True, formatter=bool
)
SESSION_COOKIE_SECURE = config(
"SESSION_COOKIE_SECURE", default=SESSION_COOKIE_SECURE, formatter=bool
"SESSION_COOKIE_SECURE", default=True, formatter=bool
)
SESSION_SAVE_EVERY_REQUEST = config(
"SESSION_SAVE_EVERY_REQUEST", default=SESSION_SAVE_EVERY_REQUEST, formatter=bool
@@ -13,10 +13,4 @@ release.
## [Unreleased]

### Fixed

- Fix build by installing py2neo 3.1.2 from its github repository
- Fix build after get-pip.py script moved location
- Fix pip install for python 2.7

[unreleased]: https://github.com/openfun/openedx-docker
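Review bot: this is the only changelog in the commit that gets no "Set `SESSION_COOKIE_SECURE` to True by default" entry; the hunk header (-13,10 +13,4) shows six lines dropped from the "[Unreleased]" section instead, apparently the "Fixed" block with its three build entries, which the commit message does not explain. If that removal is intentional, move it to its own commit; either way, add the cookie entry here as in the other releases, since the master settings files are changed too.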
@@ -204,7 +204,7 @@
"SESSION_ENGINE", default="django.contrib.sessions.backends.cache"
)
SESSION_COOKIE_SECURE = config(
"SESSION_COOKIE_SECURE", default=SESSION_COOKIE_SECURE, formatter=bool
"SESSION_COOKIE_SECURE", default=True, formatter=bool
)
SESSION_SAVE_EVERY_REQUEST = config(
"SESSION_SAVE_EVERY_REQUEST", default=SESSION_SAVE_EVERY_REQUEST, formatter=bool
@@ -164,7 +164,7 @@
"SESSION_COOKIE_HTTPONLY", default=True, formatter=bool
)
SESSION_COOKIE_SECURE = config(
"SESSION_COOKIE_SECURE", default=SESSION_COOKIE_SECURE, formatter=bool
"SESSION_COOKIE_SECURE", default=True, formatter=bool
)
SESSION_SAVE_EVERY_REQUEST = config(
"SESSION_SAVE_EVERY_REQUEST", default=SESSION_SAVE_EVERY_REQUEST, formatter=bool
