Add a new knob as discussed on matrix with lub

2025-02-21 19:19:39 +02:00 · 2021-03-05 22:26:46 +01:00 · 2021-03-05 22:26:46 +01:00 · 0dcc059cd6
commit 0dcc059cd6
parent aa8cb98906
2 changed files with 3 additions and 1 deletions
--- a/core/admin/mailu/configuration.py
+++ b/core/admin/mailu/configuration.py
@ -54,6 +54,7 @@ DEFAULT_CONFIG = {
    # Advanced settings
    'PASSWORD_SCHEME': 'PBKDF2',
    'LOG_LEVEL': 'WARNING',
+    'SESSION_COOKIE_SECURE': True,
    # Host settings
    'HOST_IMAP': 'imap',
    'HOST_LMTP': 'imap:2525',
@ -125,7 +126,6 @@ class ConfigManager(dict):
        self.config['QUOTA_STORAGE_URL'] = 'redis://{0}/1'.format(self.config['REDIS_ADDRESS'])
        self.config['SESSION_COOKIE_SAMESITE'] = 'Strict'
        self.config['SESSION_COOKIE_HTTPONLY'] = True
-        self.config['SESSION_COOKIE_SECURE'] = self.config['TLS_FLAVOR'] != 'notls'
        # update the app config itself
        app.config = self

--- a/docs/configuration.rst
+++ b/docs/configuration.rst
@ -142,6 +142,8 @@ The ``PASSWORD_SCHEME`` is the password encryption scheme. You should use the
 default value, unless you are importing password from a separate system and
 want to keep using the old password encryption scheme.

+The ``SESSION_COOKIE_SECURE`` (default: True) setting controls the secure flag on the cookies of the administrative interface. It should only be turned off if you intend to access it over plain HTTP.
+
 The ``LOG_LEVEL`` setting is used by the python start-up scripts as a logging threshold.
 Log messages equal or higher than this priority will be printed.
 Can be one of: CRITICAL, ERROR, WARNING, INFO, DEBUG or NOTSET.