X-Git-Url: http://git.freeside.biz/gitweb/?a=blobdiff_plain;f=htetc%2Ffreeside-base2.conf;h=6a1d2fb640c0ff1629dfa2d761bab90c079f40b5;hb=2c54d21c2d415f8d6db520de694e5ac7be3a8c8f;hp=1bbe90a59696ad58e5fe304b0c521e6832205d72;hpb=63973c641c4be00765fa27e55c57cc5b9aa4da19;p=freeside.git
diff --git a/htetc/freeside-base2.conf b/htetc/freeside-base2.conf
index 1bbe90a59..6a1d2fb64 100644
--- a/htetc/freeside-base2.conf
+++ b/htetc/freeside-base2.conf
@@ -6,12 +6,11 @@ PerlModule HTML::Mason
PerlSetVar MasonArgsMethod CGI
PerlModule HTML::Mason::ApacheHandler
-PerlChildInitHandler "sub { srand }"
-
PerlRequire "%%%MASON_HANDLER%%%"
+PerlChildInitHandler FS::Mason::child_init
+
#Locale::SubCountry
-#
AddDefaultCharset UTF-8
PerlModule FS::AuthCookieHandler
@@ -19,8 +18,8 @@ PerlModule FS::AuthCookieHandler
#XXX need to also work properly for installs w/o /freeside/ in path
PerlSetVar FreesideLoginScript /freeside/loginout/login.html
-#PerlSetVar FreesideEverSecure 1
-PerlSetVar FreesideHttpOnly 1
+#PerlSetVar FreesideSecure 1 #disables HTTP, so HTTPS only
+PerlSetVar FreesideHttpOnly 1 #limits cookie theft via JS
@@ -48,6 +47,11 @@ PerlSetVar FreesideHttpOnly 1
Satisfy any
+
+
+ Deny from all
+ SetHandler None
+
@@ -59,3 +63,9 @@ PerlSetVar FreesideHttpOnly 1
Satisfy any
+
+ Satisfy any
+ SetHandler perl-script
+ PerlHandler HTML::Mason
+
+