projects
/
freeside.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
fix nit
[freeside.git]
/
htetc
/
freeside-base2.4.conf
diff --git
a/htetc/freeside-base2.4.conf
b/htetc/freeside-base2.4.conf
index
c4e93f8
..
dbf4013
100644
(file)
--- a/
htetc/freeside-base2.4.conf
+++ b/
htetc/freeside-base2.4.conf
@@
-1,17
+1,17
@@
PerlModule Apache2::compat
PerlModule Apache2::compat
+#PerlModule DBIx::Profile
#PerlModule Apache::DBI
PerlModule HTML::Mason
PerlSetVar MasonArgsMethod CGI
PerlModule HTML::Mason::ApacheHandler
#PerlModule Apache::DBI
PerlModule HTML::Mason
PerlSetVar MasonArgsMethod CGI
PerlModule HTML::Mason::ApacheHandler
-PerlChildInitHandler "sub { srand }"
-
PerlRequire "%%%MASON_HANDLER%%%"
PerlRequire "%%%MASON_HANDLER%%%"
+PerlChildInitHandler FS::Mason::child_init
+
#Locale::SubCountry
#Locale::SubCountry
-#
AddDefaultCharset UTF-8
PerlModule FS::AuthCookieHandler24
AddDefaultCharset UTF-8
PerlModule FS::AuthCookieHandler24
@@
-20,7
+20,10
@@
PerlAddAuthzProvider user FS::AuthCookieHandler24->authz_handler
#XXX need to also work properly for installs w/o /freeside/ in path
PerlSetVar FreesideLoginScript /freeside/loginout/login.html
#XXX need to also work properly for installs w/o /freeside/ in path
PerlSetVar FreesideLoginScript /freeside/loginout/login.html
-#PerlSetVar FreesideEverSecure 1
+#disables HTTP, so HTTPS only
+#PerlSetVar FreesideSecure 1
+
+#prevents cookie theft via JS
PerlSetVar FreesideHttpOnly 1
<Directory %%%FREESIDE_DOCUMENT_ROOT%%%>
PerlSetVar FreesideHttpOnly 1
<Directory %%%FREESIDE_DOCUMENT_ROOT%%%>
@@
-62,6
+65,11
@@
PerlSetVar FreesideHttpOnly 1
<Files "freeside.css">
Satisfy any
</Files>
<Files "freeside.css">
Satisfy any
</Files>
+
+ <Files ~ "(\.html)$">
+ Deny from all
+ SetHandler None
+ </Files>
</Directory>
<Directory %%%FREESIDE_DOCUMENT_ROOT%%%/rt/Helpers/>
</Directory>
<Directory %%%FREESIDE_DOCUMENT_ROOT%%%/rt/Helpers/>
@@
-72,3
+80,9
@@
PerlSetVar FreesideHttpOnly 1
<Directory %%%FREESIDE_DOCUMENT_ROOT%%%/rt/REST/1.0/NoAuth/>
Satisfy any
</Directory>
<Directory %%%FREESIDE_DOCUMENT_ROOT%%%/rt/REST/1.0/NoAuth/>
Satisfy any
</Directory>
+
+<Directory %%%FREESIDE_DOCUMENT_ROOT%%%/REST/>
+ Satisfy any
+ SetHandler perl-script
+ PerlHandler HTML::Mason
+</Directory>