Bug fix to #73185, discovered via #71513
diff --git
a/htetc/freeside-base2.conf
b/htetc/freeside-base2.conf
index
1bbe90a
..
f2f4c21
100644
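--- a/htetc/freeside-base2.conf
+++ b/htetc/freeside-base2.conf
@@ -6,12 +6,11 @@ PerlModule HTML::Mason
 PerlSetVar MasonArgsMethod CGI
 PerlModule HTML::Mason::ApacheHandler
-PerlChildInitHandler "sub { srand }"
-
 PerlRequire "%%%MASON_HANDLER%%%"
+PerlChildInitHandler FS::Mason::child_init
+
 #Locale::SubCountry
-#
 AddDefaultCharset UTF-8
 PerlModule FS::AuthCookieHandler
@@ -19,7 +18,10 @@ PerlModule FS::AuthCookieHandler
 #XXX need to also work properly for installs w/o /freeside/ in path
 PerlSetVar FreesideLoginScript /freeside/loginout/login.html
-#PerlSetVar FreesideEverSecure 1
+#disables HTTP, so HTTPS only
+#PerlSetVar FreesideSecure 1
+
+#prevents cookie theft via JS
 PerlSetVar FreesideHttpOnly 1
 <Directory %%%FREESIDE_DOCUMENT_ROOT%%%>
@@ -48,6 +50,11 @@ PerlSetVar FreesideHttpOnly 1
 <Files "freeside.css">
 Satisfy any
 </Files>
+
+ <Files ~ "(\.html)$">
+ Deny from all
+ SetHandler None
+ </Files>
 </Directory>
 <Directory %%%FREESIDE_DOCUMENT_ROOT%%%/rt/Helpers/>
@@ -59,3 +66,9 @@ PerlSetVar FreesideHttpOnly 1
 Satisfy any
 </Directory>
+<Directory %%%FREESIDE_DOCUMENT_ROOT%%%/REST/1.0/>
+ Satisfy any
+ SetHandler perl-script
+ PerlHandler HTML::Mason
+</Directory>
+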
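Review bot: The new `<Directory %%%FREESIDE_DOCUMENT_ROOT%%%/REST/1.0/>` block in the last hunk sets `Satisfy any` with no `Require` or host restriction of its own, so whether a request reaches the Mason handler without a login cookie depends entirely on access rules inherited from the enclosing configuration, which this diff does not show. If the intent is that the REST components authenticate callers themselves, say so next to the block, for example `# no AuthCookie here: each REST/1.0 component must authenticate the request itself`, and confirm that every component under that path does. If only some clients should reach it, an explicit host restriction inside the block would make the exposure visible in the config rather than implied.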