[freeside-commits] branch master updated. dd21870b44d5557e9bff786c0476012c151f035a

Ivan ivan at 420.am
Sun Sep 25 11:12:10 PDT 2016 

The branch, master has been updated
       via  dd21870b44d5557e9bff786c0476012c151f035a (commit)
      from  915c0aef4455a88a53ac4f0d2f95e0b88b22c4bd (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit dd21870b44d5557e9bff786c0476012c151f035a
Author: Ivan Kohler <ivan at freeside.biz>
Date:   Sun Sep 25 11:12:09 2016 -0700

    document these non-well-named Apache::AuthCookieHandler options

diff --git a/htetc/freeside-base2.4.conf b/htetc/freeside-base2.4.conf
index f0b44d7..ee716f3 100644
--- a/htetc/freeside-base2.4.conf
+++ b/htetc/freeside-base2.4.conf
@@ -20,8 +20,8 @@ PerlAddAuthzProvider user FS::AuthCookieHandler24->authz_handler
 #XXX need to also work properly for installs w/o /freeside/ in path
 PerlSetVar FreesideLoginScript /freeside/loginout/login.html
 
-#PerlSetVar FreesideEverSecure 1
-PerlSetVar FreesideHttpOnly 1
+#PerlSetVar FreesideSecure 1 #disables HTTP, so HTTPS only
+PerlSetVar FreesideHttpOnly 1 #limits cookie theft via JS
 
 <Directory %%%FREESIDE_DOCUMENT_ROOT%%%>
 
diff --git a/htetc/freeside-base2.conf b/htetc/freeside-base2.conf
index 309279d..6a1d2fb 100644
--- a/htetc/freeside-base2.conf
+++ b/htetc/freeside-base2.conf
@@ -18,8 +18,8 @@ PerlModule FS::AuthCookieHandler
 #XXX need to also work properly for installs w/o /freeside/ in path
 PerlSetVar FreesideLoginScript /freeside/loginout/login.html
 
-#PerlSetVar FreesideEverSecure 1
-PerlSetVar FreesideHttpOnly 1
+#PerlSetVar FreesideSecure 1 #disables HTTP, so HTTPS only
+PerlSetVar FreesideHttpOnly 1 #limits cookie theft via JS
 
 <Directory %%%FREESIDE_DOCUMENT_ROOT%%%>
 

-----------------------------------------------------------------------

Summary of changes:
 htetc/freeside-base2.4.conf |    4 ++--
 htetc/freeside-base2.conf   |    4 ++--
 2 files changed, 4 insertions(+), 4 deletions(-)

More information about the freeside-commits mailing list