🔒️(all) set session cookie secure to True as default
We relied on OpenEdX's default value for this setting but it is
unsecure.
sampaccoud committed Sep 28, 2021
1 parent e36b1c7 commit d2bf8af
Showing 25 changed files with 109 additions and 38 deletions.
96 changes: 80 additions & 16 deletions .circleci/config.yml
Expand Up @@ -163,14 +163,30 @@ jobs:
#
# Note that the job name should match the EDX_RELEASE value

# No changes detected for dogwood.3-fun
# No changes detected for eucalyptus.3-bare
# No changes detected for eucalyptus.3-wb
# No changes detected for hawthorn.1-bare
# No changes detected for hawthorn.1-oee
# No changes detected for ironwood.2-bare
# No changes detected for ironwood.2-oee
# No changes detected for master.0-bare
# Run jobs for the dogwood.3-fun release
dogwood.3-fun:
<<: [*defaults, *build_steps]
# Run jobs for the eucalyptus.3-bare release
eucalyptus.3-bare:
<<: [*defaults, *build_steps]
# Run jobs for the eucalyptus.3-wb release
eucalyptus.3-wb:
<<: [*defaults, *build_steps]
# Run jobs for the hawthorn.1-bare release
hawthorn.1-bare:
<<: [*defaults, *build_steps]
# Run jobs for the hawthorn.1-oee release
hawthorn.1-oee:
<<: [*defaults, *build_steps]
# Run jobs for the ironwood.2-bare release
ironwood.2-bare:
<<: [*defaults, *build_steps]
# Run jobs for the ironwood.2-oee release
ironwood.2-oee:
<<: [*defaults, *build_steps]
# Run jobs for the master.0-bare release
master.0-bare:
<<: [*defaults, *build_steps]

# Hub job
hub:
Expand Down Expand Up @@ -259,14 +275,62 @@ workflows:

# Build jobs

# No changes detected so no job to run for dogwood.3-fun
# No changes detected so no job to run for eucalyptus.3-bare
# No changes detected so no job to run for eucalyptus.3-wb
# No changes detected so no job to run for hawthorn.1-bare
# No changes detected so no job to run for hawthorn.1-oee
# No changes detected so no job to run for ironwood.2-bare
# No changes detected so no job to run for ironwood.2-oee
# No changes detected so no job to run for master.0-bare
# Run jobs for the dogwood.3-fun release
- dogwood.3-fun:
requires:
- check-configuration
filters:
tags:
ignore: /.*/
# Run jobs for the eucalyptus.3-bare release
- eucalyptus.3-bare:
requires:
- check-configuration
filters:
tags:
ignore: /.*/
# Run jobs for the eucalyptus.3-wb release
- eucalyptus.3-wb:
requires:
- check-configuration
filters:
tags:
ignore: /.*/
# Run jobs for the hawthorn.1-bare release
- hawthorn.1-bare:
requires:
- check-configuration
filters:
tags:
ignore: /.*/
# Run jobs for the hawthorn.1-oee release
- hawthorn.1-oee:
requires:
- check-configuration
filters:
tags:
ignore: /.*/
# Run jobs for the ironwood.2-bare release
- ironwood.2-bare:
requires:
- check-configuration
filters:
tags:
ignore: /.*/
# Run jobs for the ironwood.2-oee release
- ironwood.2-oee:
requires:
- check-configuration
filters:
tags:
ignore: /.*/
# Run jobs for the master.0-bare release
- master.0-bare:
requires:
- check-configuration
filters:
tags:
ignore: /.*/

# We are pushing to Docker only images that are the result of a tag respecting the pattern:
# **{branch-name}-x.y.z**
Expand Down
4 changes: 4 additions & 0 deletions releases/dogwood/3/fun/CHANGELOG.md
Expand Up @@ -9,6 +9,10 @@ release.

## [Unreleased]

### Fixed

- Set `SESSION_COOKIE_SECURE` to True by default

## [dogwood.3-fun-2.3.1] - 2021-08-19

### Fixed
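Review bot: the new entry under `### Fixed` reads as a plain fix, but it is a behaviour change for anyone who relied on the previous default. A cookie marked Secure is not sent over plain HTTP, so on a deployment served without TLS sessions will stop persisting after the upgrade. Suggest extending the entry to say that such environments must override `SESSION_COOKIE_SECURE` explicitly.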
Expand Down
2 changes: 1 addition & 1 deletion releases/dogwood/3/fun/config/cms/docker_run_production.py
Expand Up @@ -226,7 +226,7 @@
"SESSION_COOKIE_HTTPONLY", default=True, formatter=bool
)
SESSION_COOKIE_SECURE = config(
"SESSION_COOKIE_SECURE", default=SESSION_COOKIE_SECURE, formatter=bool
"SESSION_COOKIE_SECURE", default=True, formatter=bool
)
SESSION_ENGINE = config("SESSION_ENGINE", default="redis_sessions.session")
SESSION_SAVE_EVERY_REQUEST = config(
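Review bot: with `default=True`, the only reason left to set `SESSION_COOKIE_SECURE` from configuration is to turn it off, and `formatter=bool` on the changed line may not allow that. If `config` passes the raw string value to the formatter, `bool("False")` and `bool("0")` both evaluate to True. Please confirm how `config` parses the value before formatting, and add a test that an explicit false override actually yields False.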
Expand Down
2 changes: 1 addition & 1 deletion releases/dogwood/3/fun/config/lms/docker_run_production.py
Expand Up @@ -183,7 +183,7 @@
"SESSION_COOKIE_HTTPONLY", default=True, formatter=bool
)
SESSION_COOKIE_SECURE = config(
"SESSION_COOKIE_SECURE", default=SESSION_COOKIE_SECURE, formatter=bool
"SESSION_COOKIE_SECURE", default=True, formatter=bool
)
SESSION_ENGINE = config("SESSION_ENGINE", default="redis_sessions.session")
SESSION_SAVE_EVERY_REQUEST = config(
Expand Down
1 change: 1 addition & 0 deletions releases/eucalyptus/3/bare/CHANGELOG.md
Expand Up @@ -11,6 +11,7 @@ release.

### Fixed

- Set `SESSION_COOKIE_SECURE` to True by default
- Fix build after get-pip.py script moved location

## [eucalyptus.3-1.2.0] - 2020-05-14
Expand Down
Expand Up @@ -210,7 +210,7 @@
"SESSION_COOKIE_HTTPONLY", default=True, formatter=bool
)
SESSION_COOKIE_SECURE = config(
"SESSION_COOKIE_SECURE", default=SESSION_COOKIE_SECURE, formatter=bool
"SESSION_COOKIE_SECURE", default=True, formatter=bool
)
SESSION_ENGINE = config(
"SESSION_ENGINE", default="django.contrib.sessions.backends.cache"
Expand Down
Expand Up @@ -184,7 +184,7 @@
"SESSION_COOKIE_HTTPONLY", default=True, formatter=bool
)
SESSION_COOKIE_SECURE = config(
"SESSION_COOKIE_SECURE", default=SESSION_COOKIE_SECURE, formatter=bool
"SESSION_COOKIE_SECURE", default=True, formatter=bool
)
SESSION_SAVE_EVERY_REQUEST = config(
"SESSION_SAVE_EVERY_REQUEST", default=SESSION_SAVE_EVERY_REQUEST, formatter=bool
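Review bot: missing documentation on the `default=True` line. The neighbouring `SESSION_SAVE_EVERY_REQUEST` still uses `default=SESSION_SAVE_EVERY_REQUEST`, so the hard-coded value now looks like an inconsistency that a later cleanup could revert. A one-line comment stating that the inherited Open edX default is deliberately not used here would protect the change.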
Expand Down
4 changes: 4 additions & 0 deletions releases/eucalyptus/3/wb/CHANGELOG.md
Expand Up @@ -9,6 +9,10 @@ release.

## [Unreleased]

### Fixed

- Set `SESSION_COOKIE_SECURE` to True by default

## [eucalyptus.3-wb-1.10.0] - 2021-08-17

### Changed
Expand Down
Expand Up @@ -214,7 +214,7 @@
"SESSION_COOKIE_HTTPONLY", default=True, formatter=bool
)
SESSION_COOKIE_SECURE = config(
"SESSION_COOKIE_SECURE", default=SESSION_COOKIE_SECURE, formatter=bool
"SESSION_COOKIE_SECURE", default=True, formatter=bool
)
SESSION_ENGINE = config("SESSION_ENGINE", default="redis_sessions.session")
SESSION_SAVE_EVERY_REQUEST = config(
Expand Down
Expand Up @@ -183,7 +183,7 @@
"SESSION_COOKIE_HTTPONLY", default=True, formatter=bool
)
SESSION_COOKIE_SECURE = config(
"SESSION_COOKIE_SECURE", default=SESSION_COOKIE_SECURE, formatter=bool
"SESSION_COOKIE_SECURE", default=True, formatter=bool
)
SESSION_ENGINE = config("SESSION_ENGINE", default="redis_sessions.session")
SESSION_SAVE_EVERY_REQUEST = config(
Expand Down
1 change: 1 addition & 0 deletions releases/hawthorn/1/bare/CHANGELOG.md
Expand Up @@ -11,6 +11,7 @@ release.

### Fixed

- Set `SESSION_COOKIE_SECURE` to True by default
- Fix build by installing py2neo 3.1.2 from its github repository
- Fix build after get-pip.py script moved location
- Fix pip install for python 2.7
Expand Down
Expand Up @@ -203,7 +203,7 @@
"SESSION_ENGINE", default="django.contrib.sessions.backends.cache"
)
SESSION_COOKIE_SECURE = config(
"SESSION_COOKIE_SECURE", default=SESSION_COOKIE_SECURE, formatter=bool
"SESSION_COOKIE_SECURE", default=True, formatter=bool
)
SESSION_SAVE_EVERY_REQUEST = config(
"SESSION_SAVE_EVERY_REQUEST", default=SESSION_SAVE_EVERY_REQUEST, formatter=bool
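Review bot: in this file the context above `SESSION_COOKIE_SECURE` is the end of the `SESSION_ENGINE` block, whereas the other production settings in this commit show `SESSION_COOKIE_HTTPONLY` with `default=True` immediately before it. Only three lines of context are visible, so it may simply sit elsewhere in the file, but please check that this file sets `SESSION_COOKIE_HTTPONLY` as well, so the two cookie flags are hardened together.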
Expand Down
Expand Up @@ -164,7 +164,7 @@
"SESSION_COOKIE_HTTPONLY", default=True, formatter=bool
)
SESSION_COOKIE_SECURE = config(
"SESSION_COOKIE_SECURE", default=SESSION_COOKIE_SECURE, formatter=bool
"SESSION_COOKIE_SECURE", default=True, formatter=bool
)
SESSION_SAVE_EVERY_REQUEST = config(
"SESSION_SAVE_EVERY_REQUEST", default=SESSION_SAVE_EVERY_REQUEST, formatter=bool
Expand Down
1 change: 1 addition & 0 deletions releases/hawthorn/1/oee/CHANGELOG.md
Expand Up @@ -11,6 +11,7 @@ release.

### Fixed

- Set `SESSION_COOKIE_SECURE` to True by default
- Fix build by installing py2neo 3.1.2 from its github repository
- Fix build after get-pip.py script moved location

Expand Down
Expand Up @@ -209,7 +209,7 @@
SESSION_ENGINE = config("SESSION_ENGINE", default="redis_sessions.session")

SESSION_COOKIE_SECURE = config(
"SESSION_COOKIE_SECURE", default=SESSION_COOKIE_SECURE, formatter=bool
"SESSION_COOKIE_SECURE", default=True, formatter=bool
)
SESSION_SAVE_EVERY_REQUEST = config(
"SESSION_SAVE_EVERY_REQUEST", default=SESSION_SAVE_EVERY_REQUEST, formatter=bool
Expand Down
Expand Up @@ -198,7 +198,7 @@
"SESSION_COOKIE_HTTPONLY", default=True, formatter=bool
)
SESSION_COOKIE_SECURE = config(
"SESSION_COOKIE_SECURE", default=SESSION_COOKIE_SECURE, formatter=bool
"SESSION_COOKIE_SECURE", default=True, formatter=bool
)
SESSION_SAVE_EVERY_REQUEST = config(
"SESSION_SAVE_EVERY_REQUEST", default=SESSION_SAVE_EVERY_REQUEST, formatter=bool
Expand Down
1 change: 1 addition & 0 deletions releases/ironwood/2/bare/CHANGELOG.md
Expand Up @@ -11,6 +11,7 @@ release.

### Fixed

- Set `SESSION_COOKIE_SECURE` to True by default
- Fix build by installing py2neo 3.1.2 from its github repository
- Fix pip install for python 2.7

Expand Down
Expand Up @@ -208,7 +208,7 @@
"SESSION_ENGINE", default="django.contrib.sessions.backends.cache"
)
SESSION_COOKIE_SECURE = config(
"SESSION_COOKIE_SECURE", default=SESSION_COOKIE_SECURE, formatter=bool
"SESSION_COOKIE_SECURE", default=True, formatter=bool
)
SESSION_SAVE_EVERY_REQUEST = config(
"SESSION_SAVE_EVERY_REQUEST", default=SESSION_SAVE_EVERY_REQUEST, formatter=bool
Expand Down
Expand Up @@ -163,7 +163,7 @@
"SESSION_COOKIE_HTTPONLY", default=True, formatter=bool
)
SESSION_COOKIE_SECURE = config(
"SESSION_COOKIE_SECURE", default=SESSION_COOKIE_SECURE, formatter=bool
"SESSION_COOKIE_SECURE", default=True, formatter=bool
)
SESSION_SAVE_EVERY_REQUEST = config(
"SESSION_SAVE_EVERY_REQUEST", default=SESSION_SAVE_EVERY_REQUEST, formatter=bool
Expand Down
1 change: 1 addition & 0 deletions releases/ironwood/2/oee/CHANGELOG.md
Expand Up @@ -11,6 +11,7 @@ release.

### Fixed

- Set `SESSION_COOKIE_SECURE` to True by default
- Fix build by installing py2neo 3.1.2 from its github repository

## [ironwood.2-oee-1.0.4] - 2021-03-04
Expand Down
Expand Up @@ -213,7 +213,7 @@
SESSION_ENGINE = config("SESSION_ENGINE", default="redis_sessions.session")

SESSION_COOKIE_SECURE = config(
"SESSION_COOKIE_SECURE", default=SESSION_COOKIE_SECURE, formatter=bool
"SESSION_COOKIE_SECURE", default=True, formatter=bool
)
SESSION_SAVE_EVERY_REQUEST = config(
"SESSION_SAVE_EVERY_REQUEST", default=SESSION_SAVE_EVERY_REQUEST, formatter=bool
Expand Down
Expand Up @@ -197,7 +197,7 @@
"SESSION_COOKIE_HTTPONLY", default=True, formatter=bool
)
SESSION_COOKIE_SECURE = config(
"SESSION_COOKIE_SECURE", default=SESSION_COOKIE_SECURE, formatter=bool
"SESSION_COOKIE_SECURE", default=True, formatter=bool
)
SESSION_SAVE_EVERY_REQUEST = config(
"SESSION_SAVE_EVERY_REQUEST", default=SESSION_SAVE_EVERY_REQUEST, formatter=bool
Expand Down
6 changes: 0 additions & 6 deletions releases/master/0/bare/CHANGELOG.md
Expand Up @@ -13,10 +13,4 @@ release.
## [Unreleased]

### Fixed

- Fix build by installing py2neo 3.1.2 from its github repository
- Fix build after get-pip.py script moved location
- Fix pip install for python 2.7

[unreleased]: https://github.com/openfun/openedx-docker
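Review bot: this changelog has 0 additions and 6 deletions, so unlike every other release touched here it gets no "Set `SESSION_COOKIE_SECURE` to True by default" entry, even though `releases/master/0/bare/config/cms/docker_run_production.py` and its lms counterpart are changed in the same commit. The deleted lines sit around the py2neo, get-pip.py and Python 2.7 pip entries, which are unrelated to the stated purpose. If the removal is intentional it belongs in its own commit with an explanation; otherwise restore the lines and add the new entry under `### Fixed`.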
2 changes: 1 addition & 1 deletion releases/master/0/bare/config/cms/docker_run_production.py
Expand Up @@ -204,7 +204,7 @@
"SESSION_ENGINE", default="django.contrib.sessions.backends.cache"
)
SESSION_COOKIE_SECURE = config(
"SESSION_COOKIE_SECURE", default=SESSION_COOKIE_SECURE, formatter=bool
"SESSION_COOKIE_SECURE", default=True, formatter=bool
)
SESSION_SAVE_EVERY_REQUEST = config(
"SESSION_SAVE_EVERY_REQUEST", default=SESSION_SAVE_EVERY_REQUEST, formatter=bool
Expand Down
2 changes: 1 addition & 1 deletion releases/master/0/bare/config/lms/docker_run_production.py
Expand Up @@ -164,7 +164,7 @@
"SESSION_COOKIE_HTTPONLY", default=True, formatter=bool
)
SESSION_COOKIE_SECURE = config(
"SESSION_COOKIE_SECURE", default=SESSION_COOKIE_SECURE, formatter=bool
"SESSION_COOKIE_SECURE", default=True, formatter=bool
)
SESSION_SAVE_EVERY_REQUEST = config(
"SESSION_SAVE_EVERY_REQUEST", default=SESSION_SAVE_EVERY_REQUEST, formatter=bool
Expand Down
