55 lines
1.7 KiB
Diff
55 lines
1.7 KiB
Diff
From 898cfe8212a5940dba6552196ddd243f912b5942 Mon Sep 17 00:00:00 2001
|
|
From: Tomas Jelinek <tojeline@redhat.com>
|
|
Date: Tue, 11 Feb 2020 10:18:33 +0100
|
|
Subject: [PATCH 5/7] daemon: fix cookie options
|
|
|
|
---
|
|
pcs/daemon/app/session.py | 14 +++++++++++---
|
|
1 file changed, 11 insertions(+), 3 deletions(-)
|
|
|
|
diff --git a/pcs/daemon/app/session.py b/pcs/daemon/app/session.py
|
|
index b4d29add..dcbb4c23 100644
|
|
--- a/pcs/daemon/app/session.py
|
|
+++ b/pcs/daemon/app/session.py
|
|
@@ -4,10 +4,16 @@ from pcs.daemon.auth import check_user_groups, authorize_user
|
|
PCSD_SESSION = "pcsd.sid"
|
|
|
|
class Mixin:
|
|
- __session = None
|
|
"""
|
|
Mixin for tornado.web.RequestHandler
|
|
"""
|
|
+
|
|
+ __session = None
|
|
+ __cookie_options = {
|
|
+ "secure": True,
|
|
+ "httponly": True,
|
|
+ }
|
|
+
|
|
def initialize(self, session_storage: Storage):
|
|
self.__storage = session_storage
|
|
|
|
@@ -63,7 +69,7 @@ class Mixin:
|
|
"""
|
|
Write the session id into a response cookie.
|
|
"""
|
|
- self.set_cookie(PCSD_SESSION, self.session.sid)
|
|
+ self.set_cookie(PCSD_SESSION, self.session.sid, **self.__cookie_options)
|
|
|
|
def put_request_cookies_sid_to_response_cookies_sid(self):
|
|
"""
|
|
@@ -73,7 +79,9 @@ class Mixin:
|
|
#TODO this method should exist temporarily (for sinatra compatibility)
|
|
#pylint: disable=invalid-name
|
|
if self.__sid_from_client is not None:
|
|
- self.set_cookie(PCSD_SESSION, self.__sid_from_client)
|
|
+ self.set_cookie(
|
|
+ PCSD_SESSION, self.__sid_from_client, **self.__cookie_options
|
|
+ )
|
|
|
|
def was_sid_in_request_cookies(self):
|
|
return self.__sid_from_client is not None
|
|
--
|
|
2.21.1
|
|
|