added csrf cookie secure settings

9d1e24e8 · nadeemshahzad · bd0665ac · 9d1e24e8 · 9d1e24e8 · 9d1e24e8
Commit 9d1e24e8 authored Feb 09, 2018 by nadeemshahzad
5 changed files
--- a/playbooks/roles/analytics_api/defaults/main.yml
+++ b/playbooks/roles/analytics_api/defaults/main.yml
@@ -132,6 +132,7 @@ ANALYTICS_API_SERVICE_CONFIG:
  MAX_PAGE_SIZE: '{{ ANALYTICS_API_MAX_PAGE_SIZE }}'
  AGGREGATE_PAGE_SIZE: '{{ ANALYTICS_API_AGGREGATE_PAGE_SIZE }}'
  REPORT_DOWNLOAD_BACKEND: '{{ ANALYTICS_API_REPORT_DOWNLOAD_BACKEND }}'
+  CSRF_COOKIE_SECURE: "{{ ANALYTICS_API_CSRF_COOKIE_SECURE }}"

 ANALYTICS_API_REPOS:
  - PROTOCOL: "{{ COMMON_GIT_PROTOCOL }}"
@@ -145,6 +146,8 @@ ANALYTICS_API_REPOS:
 ANALYTICS_API_GUNICORN_WORKERS: "2"
 ANALYTICS_API_GUNICORN_EXTRA: ""
 ANALYTICS_API_GUNICORN_EXTRA_CONF: ""
+
+ANALYTICS_API_CSRF_COOKIE_SECURE: false
 #
 # vars are namespace with the module name.
 #

--- a/playbooks/roles/credentials/defaults/main.yml
+++ b/playbooks/roles/credentials/defaults/main.yml
@@ -147,6 +147,7 @@ credentials_service_config_overrides:
  CERTIFICATE_LANGUAGES: '{{ CREDENTIALS_CERTIFICATE_LANGUAGES }}'
  CREDENTIALS_SERVICE_USER: '{{ CREDENTIALS_SERVICE_USER }}'
  FILE_STORAGE_BACKEND: '{{ CREDENTIALS_FILE_STORAGE_BACKEND }}'
+  CSRF_COOKIE_SECURE: "{{ CREDENTIALS_CSRF_COOKIE_SECURE }}"

 # See edx_django_service_automated_users for an example of what this should be
 CREDENTIALS_AUTOMATED_USERS: {}
@@ -157,6 +158,8 @@ credentials_create_demo_data: false
 CREDENTIALS_LMS_URL_ROOT: !!null
 CREDENTIALS_DISCOVERY_API_URL:  !!null

+CREDENTIALS_CSRF_COOKIE_SECURE: false
+
 credentials_post_migrate_commands:
  - command: './manage.py create_or_update_site --site-id=1 --site-domain={{ CREDENTIALS_DOMAIN }} --site-name="Open edX" --platform-name="Open edX" --company-name="Open edX" --lms-url-root={{ CREDENTIALS_LMS_URL_ROOT }} --catalog-api-url={{ CREDENTIALS_DISCOVERY_API_URL }} --tos-url={{ CREDENTIALS_LMS_URL_ROOT }}/tos --privacy-policy-url={{ CREDENTIALS_LMS_URL_ROOT }}/privacy --homepage-url={{ CREDENTIALS_LMS_URL_ROOT }} --certificate-help-url={{ CREDENTIALS_LMS_URL_ROOT }}/faq --theme-name=openedx'
    when: '{{ credentials_create_demo_data }}'
--- a/playbooks/roles/discovery/defaults/main.yml
+++ b/playbooks/roles/discovery/defaults/main.yml
@@ -154,6 +154,9 @@ discovery_service_config_overrides:
  LANGUAGE_CODE: '{{DISCOVERY_LANGUAGE_CODE}}'
  PARLER_DEFAULT_LANGUAGE_CODE: '{{DISCOVERY_PARLER_DEFAULT_LANGUAGE_CODE}}'
  PARLER_LANGUAGES : '{{DISCOVERY_PARLER_LANGUAGES}}'
+  CSRF_COOKIE_SECURE: "{{ DISCOVERY_CSRF_COOKIE_SECURE }}"

 # See edx_django_service_automated_users for an example of what this should be
 DISCOVERY_AUTOMATED_USERS: {}
+
+DISCOVERY_CSRF_COOKIE_SECURE: false
--- a/playbooks/roles/ecommerce/defaults/main.yml
+++ b/playbooks/roles/ecommerce/defaults/main.yml
@@ -184,10 +184,12 @@ ecommerce_service_config_overrides:
  COMPREHENSIVE_THEME_DIRS: "{{ ECOMMERCE_COMPREHENSIVE_THEME_DIRS }}"
  ENABLE_COMPREHENSIVE_THEMING: "{{ ECOMMERCE_ENABLE_COMPREHENSIVE_THEMING }}"
  DEFAULT_SITE_THEME: "{{ ECOMMERCE_DEFAULT_SITE_THEME }}"
-
+  CSRF_COOKIE_SECURE: "{{ ECOMMERCE_CSRF_COOKIE_SECURE }}"

 ECOMMERCE_GUNICORN_EXTRA: ""

+ECOMMERCE_CSRF_COOKIE_SECURE: false
+
 #
 # vars are namespace with the module name.
 #

--- a/playbooks/roles/insights/defaults/main.yml
+++ b/playbooks/roles/insights/defaults/main.yml
@@ -147,6 +147,7 @@ INSIGHTS_CONFIG:
  LEARNER_API_LIST_DOWNLOAD_FIELDS: "{{ INSIGHTS_LEARNER_API_LIST_DOWNLOAD_FIELDS }}"
  # CDN url to serve assets from
  CDN_DOMAIN: "{{ INSIGHTS_CDN_DOMAIN }}"
+  CSRF_COOKIE_SECURE: "{{ INSIGHTS_CSRF_COOKIE_SECURE }}"

 INSIGHTS_NEWRELIC_APPNAME: "{{ COMMON_ENVIRONMENT }}-{{ COMMON_DEPLOYMENT }}-analytics-api"
 INSIGHTS_PIP_EXTRA_ARGS: "-i {{ COMMON_PYPI_MIRROR_URL }}"
@@ -170,6 +171,7 @@ INSIGHTS_REPOS:
    DESTINATION: "{{ insights_code_dir }}"
    SSH_KEY: "{{ INSIGHTS_GIT_IDENTITY }}"

+INSIGHTS_CSRF_COOKIE_SECURE: false
 #
 # vars are namespace with the module name.
 #