From e8259b8234ab6329ac101e81024c03bc6e59e56b Mon Sep 17 00:00:00 2001
From: Xavier Antoviaque
Date: Thu, 7 Aug 2014 09:30:51 +0200
Subject: [PATCH] secure-cookies: Allow to use secure HTTPS cookies (Django setting)
Cf https://docs.djangoproject.com/en/1.4/ref/settings/#std:setting-SESSION_COOKIE_SECURE
---
 cms/envs/aws.py | 1 +
 cms/envs/common.py | 1 +
 lms/envs/aws.py | 1 +
 lms/envs/common.py | 1 +
 4 files changed, 4 insertions(+)
diff --git a/cms/envs/aws.py b/cms/envs/aws.py
index e3b0924c8d..3c0184370d 100644
--- a/cms/envs/aws.py
+++ b/cms/envs/aws.py
@@ -133,6 +133,7 @@ if 'loc_cache' not in CACHES:
 SESSION_COOKIE_DOMAIN = ENV_TOKENS.get('SESSION_COOKIE_DOMAIN')
 SESSION_ENGINE = ENV_TOKENS.get('SESSION_ENGINE', SESSION_ENGINE)
+SESSION_COOKIE_SECURE = ENV_TOKENS.get('SESSION_COOKIE_SECURE', SESSION_COOKIE_SECURE)
 # allow for environments to specify what cookie name our login subsystem should use
 # this is to fix a bug regarding simultaneous logins between edx.org and edge.edx.org which can
diff --git a/cms/envs/common.py b/cms/envs/common.py
index df5df07af7..3a331825ad 100644
--- a/cms/envs/common.py
+++ b/cms/envs/common.py
@@ -268,6 +268,7 @@ MODULESTORE_BRANCH = 'draft-preferred'
 # Change DEBUG/TEMPLATE_DEBUG in your environment settings files, not here
 DEBUG = False
 TEMPLATE_DEBUG = False
+SESSION_COOKIE_SECURE = False
 # Site info
 SITE_ID = 1
diff --git a/lms/envs/aws.py b/lms/envs/aws.py
index 7cd2b7d7bd..b40d6a8ca4 100644
--- a/lms/envs/aws.py
+++ b/lms/envs/aws.py
@@ -141,6 +141,7 @@ HTTPS = ENV_TOKENS.get('HTTPS', HTTPS)
 SESSION_ENGINE = ENV_TOKENS.get('SESSION_ENGINE', SESSION_ENGINE)
 SESSION_COOKIE_DOMAIN = ENV_TOKENS.get('SESSION_COOKIE_DOMAIN')
 REGISTRATION_EXTRA_FIELDS = ENV_TOKENS.get('REGISTRATION_EXTRA_FIELDS', REGISTRATION_EXTRA_FIELDS)
+SESSION_COOKIE_SECURE = ENV_TOKENS.get('SESSION_COOKIE_SECURE', SESSION_COOKIE_SECURE)
 CMS_BASE = ENV_TOKENS.get('CMS_BASE', 'studio.edx.org')
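Review bot: Only the session cookie becomes configurable with the added `SESSION_COOKIE_SECURE` line in cms/envs/aws.py; Django controls the CSRF cookie through the separate `CSRF_COOKIE_SECURE` setting, which this hunk does not touch. Unless that setting is assigned elsewhere in the file, an HTTPS-only deployment would presumably still send the CSRF cookie without the Secure attribute. I would add the parallel override `CSRF_COOKIE_SECURE = ENV_TOKENS.get('CSRF_COOKIE_SECURE', False)` next to it. The same applies to the lms/envs/aws.py hunk.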
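Review bot: The added `SESSION_COOKIE_SECURE = False` in cms/envs/common.py has no comment of its own and lands directly under the note about DEBUG/TEMPLATE_DEBUG, so a reader cannot tell that it is a security-relevant default meant to be overridden per environment. I would put `# Leave False for plain-HTTP development; set to True through ENV_TOKENS on HTTPS deployments so the session cookie is never sent in the clear` above it. The lms/envs/common.py hunk adds the same bare line and wants the same comment.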
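Review bot: In lms/envs/aws.py, `SESSION_COOKIE_SECURE` is read independently of the `HTTPS` token that the hunk header shows being loaded just above, so a deployment can declare HTTPS while still issuing a session cookie without the Secure attribute. What `HTTPS` controls is not visible in this hunk, so I would only document the coupling, with a comment on the new line such as `# keep in step with HTTPS: enable this whenever the site is served only over TLS`.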
diff --git a/lms/envs/common.py b/lms/envs/common.py
index 45df9dcfa8..4c20ed2c4a 100644
--- a/lms/envs/common.py
+++ b/lms/envs/common.py
@@ -559,6 +559,7 @@ COURSES_WITH_UNSAFE_CODE = []
 DEBUG = False
 TEMPLATE_DEBUG = False
 USE_TZ = True
+SESSION_COOKIE_SECURE = False
 # CMS base
 CMS_BASE = 'localhost:8001'