Commit Graph

18 Commits

Author SHA1 Message Date
Matt Scott
e82759cbc4 Updated Docker file to include npm as a new requirement for the admin-lte npm module.
Also added session persistence setting to default and docker configuration files.

Changed the default persistence configuration of the default config file to use SQLite instead of MySQL.
2023-02-17 19:00:09 -05:00
Matt Scott
948973ac83 Merge branch 'feature/privacy-first' 2023-01-24 05:32:38 -05:00
corubba
3a8ad7c444 Remove OFFLINE_MODE config option 2022-06-18 19:11:16 +02:00
corubba
52b704baeb Set SameSite on cookies
Setting this attribute on a cookie marks it as non-cross-site, so it
is only send in requests to our own server. It is reasonable that no
one else should need our session or csrf data. Setting it explicitly
also prevents any issues from the ongoing change in browser behaviour [0]
when it is unset.

Seasurf supports the SameSite attribute starting with v0.3. As nothing
obviously broke, I used the opportunity and updated all the way to the
most recent version.

The SeaSurf default for SameSite is already `Lax`, so it only needs to
be set for the session cookie.

[0] https://developers.google.com/search/blog/2020/01/get-ready-for-new-samesitenone-secure
2022-06-18 18:51:42 +02:00
corubba
1a77524447 Allow secure cookies in docker
Setting these two options to True is recommended if (and only if) you
serve PDA via TLS. It will break things on plain-HTTP deployments.
For plain deployments these can be set in the flask config file, for
docker they have to be whitelisted to be set via env vars.
2022-06-18 18:51:42 +02:00
corubba
ae2ad6527a Set csrf cookie to httponly
The CSRF token is currently inserted directly in the template and not
in the browser via JavaScript from the cookie, so making it inaccessible
is not a problem.

The Sesson-cookie is already httponly by default [0].

[0] https://flask.palletsprojects.com/en/2.1.x/config/?highlight=session_cookie_httponly#SESSION_COOKIE_HTTPONLY
2022-06-18 18:51:42 +02:00
benshalev849
3081036c2c
Env oauth url (#1030)
Overriding settings in DB using environment variable in docker
2021-11-05 18:22:38 +02:00
Ian Bobbitt
39cddd3b34
SAML improvements for Docker (#929)
* Fix typo in managing user account membership with SAML assertion

* Support more config options from Docker env.

* Improve support for SAML key and cert from Docker secrets

Co-authored-by: Ian Bobbitt <ibobbitt@globalnoc.iu.edu>
2021-05-07 23:36:55 +02:00
jodygilbert
7f86730909
allow-server-side-sessions (#855) 2021-01-24 09:09:53 +01:00
Nicolás Fantone
eb730be8f9 Add remote user config settings 2020-05-25 14:12:32 +01:00
Roei Ganor
483c767d26 Offline installation and searchable inputs 2020-04-30 17:20:37 +00:00
Felix Kaechele
06266846ec Use sqlite by default in docker
This allows for easy setup with no extra configuration.
Also update docs to reflect the new and easy way to run PowerDNS-Admin.

Signed-off-by: Felix Kaechele <felix@kaechele.ca>
2020-04-20 18:32:36 -04:00
Khanh Ngo
452c4a02d8
Merge pull request #690 from Atisom/master
SAML debug attributes
2020-04-06 09:40:03 +07:00
Khanh Ngo
b2d72d6603
Fix docker bool config value 2020-04-02 09:41:26 +07:00
Benjamin Bässler
7e97bec07f
Add docker secrets support 2020-03-27 00:59:28 +01:00
Attila DEBRECZENI
a581aa3cf2 add SAML_ASSERTION_ENCRYPTED envrionment 2020-03-25 21:35:20 +00:00
Khanh Ngo
7739bf7cfc
Add user email verification 2019-12-21 21:43:03 +07:00
Khanh Ngo
840e2a4750 Update docker stuff and bug fixes 2019-12-04 11:50:46 +07:00