Merge pull request #4730 from edx-solutions/secure-cookies

secure-cookies: Allow to use secure HTTPS cookies (Django setting)
2014-10-09 10:24:34 -04:00
parent b78bb976cc e8259b8234
commit fc5148438d
4 changed files with 4 additions and 0 deletions
--- a/cms/envs/aws.py
+++ b/cms/envs/aws.py
@@ -133,6 +133,7 @@ if 'loc_cache' not in CACHES:

 SESSION_COOKIE_DOMAIN = ENV_TOKENS.get('SESSION_COOKIE_DOMAIN')
 SESSION_ENGINE = ENV_TOKENS.get('SESSION_ENGINE', SESSION_ENGINE)
+SESSION_COOKIE_SECURE = ENV_TOKENS.get('SESSION_COOKIE_SECURE', SESSION_COOKIE_SECURE)

 # allow for environments to specify what cookie name our login subsystem should use
 # this is to fix a bug regarding simultaneous logins between edx.org and edge.edx.org which can
--- a/cms/envs/common.py
+++ b/cms/envs/common.py
@@ -269,6 +269,7 @@ MODULESTORE_BRANCH = 'draft-preferred'
 # Change DEBUG/TEMPLATE_DEBUG in your environment settings files, not here
 DEBUG = False
 TEMPLATE_DEBUG = False
+SESSION_COOKIE_SECURE = False

 # Site info
 SITE_ID = 1
--- a/lms/envs/aws.py
+++ b/lms/envs/aws.py
@@ -147,6 +147,7 @@ HTTPS = ENV_TOKENS.get('HTTPS', HTTPS)
 SESSION_ENGINE = ENV_TOKENS.get('SESSION_ENGINE', SESSION_ENGINE)
 SESSION_COOKIE_DOMAIN = ENV_TOKENS.get('SESSION_COOKIE_DOMAIN')
 REGISTRATION_EXTRA_FIELDS = ENV_TOKENS.get('REGISTRATION_EXTRA_FIELDS', REGISTRATION_EXTRA_FIELDS)
+SESSION_COOKIE_SECURE = ENV_TOKENS.get('SESSION_COOKIE_SECURE', SESSION_COOKIE_SECURE)

 CMS_BASE = ENV_TOKENS.get('CMS_BASE', 'studio.edx.org')

--- a/lms/envs/common.py
+++ b/lms/envs/common.py
@@ -644,6 +644,7 @@ COURSES_WITH_UNSAFE_CODE = []
 DEBUG = False
 TEMPLATE_DEBUG = False
 USE_TZ = True
+SESSION_COOKIE_SECURE = False

 # CMS base
 CMS_BASE = 'localhost:8001'