From f6547dedb10bb2128f6593dbe1b87ea19dbb0484 Mon Sep 17 00:00:00 2001 From: Zev Benjamin Date: Thu, 17 Jan 2013 20:42:54 -0500 Subject: [PATCH] Set a wildcard subdomain for the session and csrf cookie domains on staging (imported from commit fda2d99d9e9a07951d11fcd9fc61cf229988f471) --- humbug/settings.py | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/humbug/settings.py b/humbug/settings.py index c922852652..02848a03ad 100644 --- a/humbug/settings.py +++ b/humbug/settings.py @@ -117,6 +117,11 @@ if DEPLOYED: SESSION_COOKIE_SECURE = True CSRF_COOKIE_SECURE = True +# For get_updates host sharding +if STAGING_DEPLOYED: + SESSION_COOKIE_DOMAIN = '.' + platform.node() + CSRF_COOKIE_DOMAIN = '.' + platform.node() + # Prevent Javascript from reading the CSRF token from cookies. Our code gets # the token from the DOM, which means malicious code could too. But hiding the # cookie will slow down some attackers.