diff options
author | Corentin LABBE <clabbe@baylibre.com> | 2018-01-08 14:17:59 +0100 |
---|---|---|
committer | Corentin LABBE <clabbe@baylibre.com> | 2018-01-08 15:15:40 +0100 |
commit | 94a6a8e07e3d7e6c3233554dae2056687590b651 (patch) | |
tree | ef8bef989b370ac16445548618215d1abe0c152d | |
parent | 83781cf3177ae2928221c424caeb2bd880d6cc6c (diff) |
Disable CSRF cookie
When working with HTTP interface, it is impossible to login.
Ths patch also document that in Readme.md
-rw-r--r-- | README.md | 2 | ||||
-rw-r--r-- | lava-master/Dockerfile | 3 | ||||
-rw-r--r-- | lava-master/settings.conf | 16 |
3 files changed, 20 insertions, 1 deletions
@@ -98,4 +98,4 @@ Note that this container provides defaults which are unsecure. If you plan on de * Changing the default admin password * Using HTTPS - + * Re-enable CSRF cookie (disabled in lava-master/Dockerfile) diff --git a/lava-master/Dockerfile b/lava-master/Dockerfile index 2dd44b0..4705e45 100644 --- a/lava-master/Dockerfile +++ b/lava-master/Dockerfile @@ -78,6 +78,9 @@ RUN /start.sh && /setup.sh && /stop.sh #uncomment if you want to use squid #RUN sed -i 's,^.*http_proxy:.*, http_proxy: http://squid:3128,' /etc/lava-server/env.yaml +#comment this if you do HTTPS (For reenabling CSRF cookie) +COPY settings.conf /etc/lava-server/ + EXPOSE 69/udp 80 3079 5555 5556 CMD /start.sh && bash diff --git a/lava-master/settings.conf b/lava-master/settings.conf new file mode 100644 index 0000000..c809e2c --- /dev/null +++ b/lava-master/settings.conf @@ -0,0 +1,16 @@ +{ + "DEBUG": false, + "STATICFILES_DIRS": [ + ["lava-server", "/usr/share/pyshared/lava_server/htdocs/"] + ], + "MEDIA_ROOT": "/var/lib/lava-server/default/media", + "ARCHIVE_ROOT": "/var/lib/lava-server/default/archive", + "STATIC_ROOT": "/usr/share/lava-server/static", + "STATIC_URL": "/static/", + "MOUNT_POINT": "/", + "HTTPS_XML_RPC": false, + "LOGIN_URL": "/accounts/login/", + "LOGIN_REDIRECT_URL": "/", + "CSRF_COOKIE_SECURE": false, + "SESSION_COOKIE_SECURE": false +} |