IntenseWebs/pgadmin4
3
0
Fork 0
mirror of https://github.com/pgadmin-org/pgadmin4.git synced 2025-01-24 07:16:52 -06:00
Code Issues Packages Projects Releases Wiki Activity

Allow enhanced cookie protection to be disabled for compatibility with dynamically addressed hosting environments. Fixes #4566

Browse Source
This commit is contained in:
Murtuza Zabuawala 2019-08-06 09:21:31 +01:00 committed by Dave Page
parent f8afe2ef94
commit ee8fec6d7f
3 changed files with 12 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
docs/en_US/release_notes_4_12.rst
View File

@ -13,6 +13,7 @@ New features
| `Issue #4334 <https://redmine.postgresql.org/issues/4334>`_ - Add support for generated columns in Postgres 12+.
| `Issue #4540 <https://redmine.postgresql.org/issues/4540>`_ - Use the full tab space for CodeMirror instances on dialogues where appropriate.
| `Issue #4549 <https://redmine.postgresql.org/issues/4549>`_ - Allow a banner to be displayed on the login and other related pages showing custom text.
| `Issue #4566 <https://redmine.postgresql.org/issues/4566>`_ - Allow enhanced cookie protection to be disabled for compatibility with dynamically addressed hosting environments.
Housekeeping
************

10
web/config.py
View File

@ -432,6 +432,16 @@ ALLOW_SAVE_TUNNEL_PASSWORD = False
##########################################################################
MASTER_PASSWORD_REQUIRED = True
##########################################################################
# Allows pgAdmin4 to create session cookies based on IP address, so even
# if a cookie is stolen, the attacker will not be able to connect to the
# server using that stolen cookie.
# Note: This can cause problems when the server is deployed in dynamic IP
# address hosting environments, such as Kubernetes or behind load
# balancers. In such cases, this option should be set to False.
##########################################################################
ENHANCED_COOKIE_PROTECTION = True
##########################################################################
# Local config settings
##########################################################################

2
web/pgadmin/__init__.py
View File

@ -390,7 +390,7 @@ def create_app(app_name=None):
)
# Make the Session more secure against XSS & CSRF when running in web mode
if config.SERVER_MODE:
if config.SERVER_MODE and config.ENHANCED_COOKIE_PROTECTION:
paranoid = Paranoid(app)
paranoid.redirect_view = 'browser.index'