From 62e7ce82450688f19389237fe69d062d41dacdfe Mon Sep 17 00:00:00 2001
From: Florent Daigniere
Date: Fri, 5 Mar 2021 22:26:46 +0100
Subject: [PATCH] Add a new knob as discussed on matrix with lub
(cherry picked from commit 0dcc059cd6950422588a694c3727a443cf56feab)
# Conflicts:
# core/admin/mailu/configuration.py
---
 core/admin/mailu/configuration.py | 19 ++++++++++++++++++-
 docs/configuration.rst | 2 ++
 2 files changed, 20 insertions(+), 1 deletion(-)
diff --git a/core/admin/mailu/configuration.py b/core/admin/mailu/configuration.py
index d871119a..7421050f 100644
--- a/core/admin/mailu/configuration.py
+++ b/core/admin/mailu/configuration.py
@@ -72,6 +72,7 @@ DEFAULT_CONFIG = {
 'LOGO_URL': None,
 'LOGO_BACKGROUND': None,
 # Advanced settings
+<<<<<<< HEAD
 'AUTH_REQUIRE_TOKENS': False,
 'API': False,
 'WEB_API': '/api',
@@ -92,6 +93,23 @@ DEFAULT_CONFIG = {
 'PROXY_AUTH_HEADER': 'X-Auth-Email',
 'PROXY_AUTH_CREATE': False,
 'PROXY_AUTH_LOGOUT_URL': None,
+=======
+ 'PASSWORD_SCHEME': 'PBKDF2',
+ 'LOG_LEVEL': 'WARNING',
+ 'SESSION_COOKIE_SECURE': True,
+ # Host settings
+ 'HOST_IMAP': 'imap',
+ 'HOST_LMTP': 'imap:2525',
+ 'HOST_POP3': 'imap',
+ 'HOST_SMTP': 'smtp',
+ 'HOST_AUTHSMTP': 'smtp',
+ 'HOST_ADMIN': 'admin',
+ 'WEBMAIL': 'none',
+ 'HOST_WEBMAIL': 'webmail',
+ 'HOST_WEBDAV': 'webdav:5232',
+ 'HOST_REDIS': 'redis',
+ 'HOST_FRONT': 'front',
+>>>>>>> 0dcc059c (Add a new knob as discussed on matrix with lub)
 'SUBNET': '192.168.203.0/24',
 'SUBNET6': None,
 }
@@ -151,7 +169,6 @@ class ConfigManager:
 self.config['QUOTA_STORAGE_URL'] = 'redis://{0}/1'.format(self.config['REDIS_ADDRESS'])
 self.config['SESSION_COOKIE_SAMESITE'] = 'Strict'
 self.config['SESSION_COOKIE_HTTPONLY'] = True
- self.config['SESSION_COOKIE_SECURE'] = self.config['TLS_FLAVOR'] != 'notls'
 # update the app config itself
 app.config = self
 >>>>>>> aa8cb989 (Set sensible cookie options)
diff --git a/docs/configuration.rst b/docs/configuration.rst
index b4b687b1..39f7e222 100644
--- a/docs/configuration.rst
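Review bot: The added lines `<<<<<<< HEAD`, `=======` and `>>>>>>> 0dcc059c (Add a new knob as discussed on matrix with lub)` inside `DEFAULT_CONFIG` (this hunk and the one at -92,6 +93,23) are unresolved cherry-pick conflict markers, so `configuration.py` raises a SyntaxError on import. The conflict needs resolving before this lands: drop the three marker lines and keep from the incoming side only the new key, `'SESSION_COOKIE_SECURE': True,`, next to the existing advanced settings. The other incoming keys (`PASSWORD_SCHEME`, `LOG_LEVEL`, the `HOST_*` block) presumably already exist on the HEAD side, which is not visible here, and would otherwise become duplicate dict keys where the later value silently wins. The dict literal begins before the first hunk and runs between the two hunks outside the visible lines.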
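Review bot: The Secure flag is no longer tied to `TLS_FLAVOR` once the removed line goes in the -151,7 +169,6 hunk, and nothing in the new code cross-checks the `SESSION_COOKIE_SECURE` knob against it. Turning the knob off on a TLS deployment lets the admin session cookie travel over plain HTTP, while `TLS_FLAVOR=notls` with the default `True` leaves the browser unwilling to return the cookie at all. I would add a check after the HTTPONLY line that warns (or refuses to start) when `not self.config['SESSION_COOKIE_SECURE'] and self.config['TLS_FLAVOR'] != 'notls'`, and confirm that a string such as `false` from the environment is coerced to a boolean before it reaches Flask, since that code is outside the hunk. The context line `>>>>>>> aa8cb989 (Set sensible cookie options)` is a leftover conflict marker already in the file that this change leaves in place; it should be deleted as well. The enclosing method starts and ends outside the hunk.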
+++ b/docs/configuration.rst @@ -235,6 +235,8 @@ intend to access it over plain HTTP. requests before a session is invalidated. ``PERMANENT_SESSION_LIFETIME`` (default: 108000) is the maximum amount of time in seconds a session can be kept alive for if it hasn't timed-out. +The ``SESSION_COOKIE_SECURE`` (default: True) setting controls the secure flag on the cookies of the administrative interface. It should only be turned off if you intend to access it over plain HTTP. + The ``LOG_LEVEL`` setting is used by the python start-up scripts as a logging threshold. Log messages equal or higher than this priority will be printed. Can be one of: CRITICAL, ERROR, WARNING, INFO, DEBUG or NOTSET.