From 94a6a8e07e3d7e6c3233554dae2056687590b651 Mon Sep 17 00:00:00 2001
From: Corentin LABBE
Date: Mon, 8 Jan 2018 14:17:59 +0100
Subject: Disable CSRF cookie When working with HTTP interface, it is impossible to login. Ths patch also document that in Readme.md
---
 README.md | 2 +-
 lava-master/Dockerfile | 3 +++
 lava-master/settings.conf | 16 ++++++++++++++++
 3 files changed, 20 insertions(+), 1 deletion(-)
 create mode 100644 lava-master/settings.conf
diff --git a/README.md b/README.md
index 637662c..11c2aa9 100644
--- a/README.md
+++ b/README.md
@@ -98,4 +98,4 @@ Note that this container provides defaults which are unsecure. If you plan on de
 * Changing the default admin password
 * Using HTTPS
-
+ * Re-enable CSRF cookie (disabled in lava-master/Dockerfile)
diff --git a/lava-master/Dockerfile b/lava-master/Dockerfile
index 2dd44b0..4705e45 100644
--- a/lava-master/Dockerfile
+++ b/lava-master/Dockerfile
@@ -78,6 +78,9 @@ RUN /start.sh && /setup.sh && /stop.sh
 #uncomment if you want to use squid
 #RUN sed -i 's,^.*http_proxy:.*, http_proxy: http://squid:3128,' /etc/lava-server/env.yaml
+#comment this if you do HTTPS (For reenabling CSRF cookie)
+COPY settings.conf /etc/lava-server/
+
 EXPOSE 69/udp 80 3079 5555 5556
 CMD /start.sh && bash
diff --git a/lava-master/settings.conf b/lava-master/settings.conf
new file mode 100644
index 0000000..c809e2c
--- /dev/null
+++ b/lava-master/settings.conf
@@ -0,0 +1,16 @@
+{
+ "DEBUG": false,
+ "STATICFILES_DIRS": [
+ ["lava-server", "/usr/share/pyshared/lava_server/htdocs/"]
+ ],
+ "MEDIA_ROOT": "/var/lib/lava-server/default/media",
+ "ARCHIVE_ROOT": "/var/lib/lava-server/default/archive",
+ "STATIC_ROOT": "/usr/share/lava-server/static",
+ "STATIC_URL": "/static/",
+ "MOUNT_POINT": "/",
+ "HTTPS_XML_RPC": false,
+ "LOGIN_URL": "/accounts/login/",
+ "LOGIN_REDIRECT_URL": "/",
+ "CSRF_COOKIE_SECURE": false,
+ "SESSION_COOKIE_SECURE": false
+}
--
cgit 1.2.3-korg
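Review bot: The comment above the added `COPY settings.conf /etc/lava-server/` describes the switch as "reenabling CSRF cookie", but the copied file only changes the cookies' Secure attribute and replaces the whole settings file. Presumably this overwrites the settings.conf the package installs, so every other key in the image is pinned to the values hard-coded in this repository and an HTTPS deployment has to edit the Dockerfile and rebuild. I would reword the comment to say what is traded away, for example `# Plain-HTTP only: this settings.conf clears the Secure flag on the CSRF and session cookies. Remove this COPY when serving over HTTPS.`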
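Review bot: `"SESSION_COOKIE_SECURE": false` on the second-to-last line of the new file is not mentioned in the commit title, the README bullet or the Dockerfile comment, which all speak only of the CSRF cookie. With that flag off, the login session cookie is also sent over unencrypted HTTP, and that is the more sensitive of the two for anyone deploying this image beyond a lab network. JSON cannot carry a comment, so the README bullet should name both keys and the file that holds them, for example `* Set CSRF_COOKIE_SECURE and SESSION_COOKIE_SECURE to true in lava-master/settings.conf (both are false for plain HTTP)`. The current bullet points at lava-master/Dockerfile, while the values themselves live in settings.conf.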