Files
@ 43ad9c3b7d5d
Branch filter:
Location: kallithea/docs/index.rst - annotation
43ad9c3b7d5d
1.1 KiB
text/prs.fallenstein.rst
middleware: use secure cookies over secure connections
HTTP cookie spec defines secure cookies, which are transmitted only over secure
connections (HTTPS). Using them helps protect against some attacks, but cookies
shouldn't be made secure when we don't have HTTPS configured. As it is now, it's
left at user's discretion, but probably it's a good idea to force secure cookies
when they can be used.
In the current implementation, cookies are issued to users before they actually
try to log in, on the first page load. So if that happens over HTTPS, it's
probably safe to assume secure cookies can be used, and to default to normal
"insecure" cookies if HTTPS isn't available.
It's not easy to sneak into Beaker's internals, and it doesn't support selective
secureness, so we use our own wrapper around Beaker's SessionMiddleware class to
give secure cookies over HTTPS connections. Beaker's built-in mechanism for
secure cookies is forced to add the flag when needed only.
HTTP cookie spec defines secure cookies, which are transmitted only over secure
connections (HTTPS). Using them helps protect against some attacks, but cookies
shouldn't be made secure when we don't have HTTPS configured. As it is now, it's
left at user's discretion, but probably it's a good idea to force secure cookies
when they can be used.
In the current implementation, cookies are issued to users before they actually
try to log in, on the first page load. So if that happens over HTTPS, it's
probably safe to assume secure cookies can be used, and to default to normal
"insecure" cookies if HTTPS isn't available.
It's not easy to sneak into Beaker's internals, and it doesn't support selective
secureness, so we use our own wrapper around Beaker's SessionMiddleware class to
give secure cookies over HTTPS connections. Beaker's built-in mechanism for
secure cookies is forced to add the flag when needed only.
5f481e4e888b 5f481e4e888b beb4cbf30d00 beb4cbf30d00 03bbd33bc084 03bbd33bc084 bdd1ddd05b7c 03bbd33bc084 03bbd33bc084 5f481e4e888b 03bbd33bc084 03bbd33bc084 03bbd33bc084 5f481e4e888b 5f481e4e888b 5f481e4e888b 5f481e4e888b 154becd92f40 5f481e4e888b 64b1a2320bcb d95ea48af67b e69d34136be5 3389f272ece1 8b8edfc25856 bb35ad076e2f bb35ad076e2f bb35ad076e2f bb35ad076e2f bb35ad076e2f bbd499c7b55e 601282d36c06 aa17c7a1b8a5 bbd499c7b55e beb4cbf30d00 beb4cbf30d00 beb4cbf30d00 beb4cbf30d00 beb4cbf30d00 beb4cbf30d00 beb4cbf30d00 af371e206ec5 4d076981a7b1 aa90719e8520 4d076981a7b1 bb35ad076e2f bb35ad076e2f bb35ad076e2f bb35ad076e2f 8b8edfc25856 bb35ad076e2f 42a87338035a 5f481e4e888b bb35ad076e2f bb35ad076e2f bb35ad076e2f 9da24750f563 bb35ad076e2f b43a121f3137 b43a121f3137 8b8edfc25856 bb35ad076e2f 5f481e4e888b a60cd29ba7e2 5f481e4e888b 5f481e4e888b 5f481e4e888b 5f481e4e888b a60cd29ba7e2 5f481e4e888b 5f481e4e888b 5f481e4e888b 9472a0150bf0 5f481e4e888b a60cd29ba7e2 a60cd29ba7e2 a60cd29ba7e2 8b8edfc25856 | .. _index:
Kallithea Documentation
-----------------------
**Readme**
.. toctree::
:maxdepth: 1
readme
**Installation**
.. toctree::
:maxdepth: 1
overview
installation
installation_win
installation_win_old
installation_iis
setup
**Usage**
.. toctree::
:maxdepth: 1
usage/general
usage/vcs_support
usage/locking
usage/statistics
**Administrators Guide**
.. toctree::
:maxdepth: 1
usage/performance
usage/backup
usage/debugging
usage/troubleshooting
**Develop**
.. toctree::
:maxdepth: 1
contributing
changelog
**API**
.. toctree::
:maxdepth: 1
api/api
api/models
Other topics
------------
* :ref:`genindex`
* :ref:`search`
.. _virtualenv: http://pypi.python.org/pypi/virtualenv
.. _python: http://www.python.org/
.. _django: http://www.djangoproject.com/
.. _mercurial: http://mercurial.selenic.com/
.. _bitbucket: http://bitbucket.org/
.. _subversion: http://subversion.tigris.org/
.. _git: http://git-scm.com/
.. _celery: http://celeryproject.org/
.. _Sphinx: http://sphinx.pocoo.org/
.. _vcs: http://pypi.python.org/pypi/vcs
|