Adding config to enable secure CSRF

3fefd84e · e0d · Edward Zarecor · 53dbc8f8 · 3fefd84e
Commit 3fefd84e authored May 01, 2016 by e0d Committed by Edward Zarecor May 11, 2016
Hide whitespace changes
Inline Side-by-side

Showing with 2 additions and 0 deletions

playbooks/roles/edxapp/defaults/main.yml
+2 -0

No files found.
--- a/playbooks/roles/edxapp/defaults/main.yml
+++ b/playbooks/roles/edxapp/defaults/main.yml
@@ -491,6 +491,7 @@ EDXAPP_CORS_ORIGIN_WHITELIST: []
 EDXAPP_CORS_ORIGIN_ALLOW_ALL: false
 EDXAPP_CROSS_DOMAIN_CSRF_COOKIE_DOMAIN: ""
 EDXAPP_CROSS_DOMAIN_CSRF_COOKIE_NAME: ""
+EDXAPP_CSRF_COOKIE_SECURE: false

 # Video Beacon Settings
 CDN_VIDEO_URLS: {}
@@ -755,6 +756,7 @@ generic_env_config:  &edxapp_generic_env
  CORS_ORIGIN_ALLOW_ALL: "{{ EDXAPP_CORS_ORIGIN_ALLOW_ALL }}"
  CROSS_DOMAIN_CSRF_COOKIE_DOMAIN: "{{ EDXAPP_CROSS_DOMAIN_CSRF_COOKIE_DOMAIN }}"
  CROSS_DOMAIN_CSRF_COOKIE_NAME: "{{ EDXAPP_CROSS_DOMAIN_CSRF_COOKIE_NAME }}"
+  CSRF_COOKIE_SECURE: "{{ EDXAPP_CSRF_COOKIE_SECURE  }}"
  VIDEO_UPLOAD_PIPELINE: "{{ EDXAPP_VIDEO_UPLOAD_PIPELINE }}"
  DEPRECATED_ADVANCED_COMPONENT_TYPES: "{{ EDXAPP_DEPRECATED_ADVANCED_COMPONENT_TYPES }}"
  OAUTH_OIDC_ISSUER: "{{ EDXAPP_LMS_ISSUER }}"