X-Git-Url: http://git.freeside.biz/gitweb/?a=blobdiff_plain;ds=sidebyside;f=htetc%2Ffreeside-base2.4.conf;h=dbf4013cdf4330355c42b388507f7705c8cee1ec;hb=b14a3eaedbfaf0c90c359b03af2e73b2ba6916e5;hp=33963409f5f023a7f3e5d93d81076ab31bda61b7;hpb=de7167ac01e77d08f1fdd05ba229eb87b2c67e6d;p=freeside.git
diff --git a/htetc/freeside-base2.4.conf b/htetc/freeside-base2.4.conf
index 33963409f..dbf4013cd 100644
--- a/htetc/freeside-base2.4.conf
+++ b/htetc/freeside-base2.4.conf
@@ -7,12 +7,11 @@ PerlModule HTML::Mason
PerlSetVar MasonArgsMethod CGI
PerlModule HTML::Mason::ApacheHandler
-PerlChildInitHandler "sub { srand }"
-
PerlRequire "%%%MASON_HANDLER%%%"
+PerlChildInitHandler FS::Mason::child_init
+
#Locale::SubCountry
-#
AddDefaultCharset UTF-8
PerlModule FS::AuthCookieHandler24
@@ -21,7 +20,10 @@ PerlAddAuthzProvider user FS::AuthCookieHandler24->authz_handler
#XXX need to also work properly for installs w/o /freeside/ in path
PerlSetVar FreesideLoginScript /freeside/loginout/login.html
-#PerlSetVar FreesideEverSecure 1
+#disables HTTP, so HTTPS only
+#PerlSetVar FreesideSecure 1
+
+#prevents cookie theft via JS
PerlSetVar FreesideHttpOnly 1
@@ -63,6 +65,11 @@ PerlSetVar FreesideHttpOnly 1
Satisfy any
+
+
+ Deny from all
+ SetHandler None
+