X-Git-Url: http://git.freeside.biz/gitweb/?a=blobdiff_plain;f=htetc%2Ffreeside-base2.conf;h=f2f4c21d067563a56eb07854d3289e9c73a17155;hb=681a340f6be4184b1472a8e1fa9cd5d074f6f325;hp=e2d507a5283769115db5a6a691e9d91873e67edf;hpb=7943c96636596806b9fc99195c23b166728280c8;p=freeside.git
diff --git a/htetc/freeside-base2.conf b/htetc/freeside-base2.conf
index e2d507a52..f2f4c21d0 100644
--- a/htetc/freeside-base2.conf
+++ b/htetc/freeside-base2.conf
@@ -6,12 +6,11 @@ PerlModule HTML::Mason
PerlSetVar MasonArgsMethod CGI
PerlModule HTML::Mason::ApacheHandler
-PerlChildInitHandler "sub { srand }"
-
PerlRequire "%%%MASON_HANDLER%%%"
+PerlChildInitHandler FS::Mason::child_init
+
#Locale::SubCountry
-#
AddDefaultCharset UTF-8
PerlModule FS::AuthCookieHandler
@@ -19,7 +18,10 @@ PerlModule FS::AuthCookieHandler
#XXX need to also work properly for installs w/o /freeside/ in path
PerlSetVar FreesideLoginScript /freeside/loginout/login.html
-#PerlSetVar FreesideEverSecure 1
+#disables HTTP, so HTTPS only
+#PerlSetVar FreesideSecure 1
+
+#prevents cookie theft via JS
PerlSetVar FreesideHttpOnly 1
@@ -48,6 +50,11 @@ PerlSetVar FreesideHttpOnly 1
Satisfy any
+
+
+ Deny from all
+ SetHandler None
+