Allow enhanced cookie protection to be disabled for compatibility with dynamically addressed hosting environments. Fixes #4566

This commit is contained in:
Murtuza Zabuawala 2019-08-06 09:21:31 +01:00 committed by Dave Page
parent f8afe2ef94
commit ee8fec6d7f
3 changed files with 12 additions and 1 deletions

View File

@ -13,6 +13,7 @@ New features
| `Issue #4334 <https://redmine.postgresql.org/issues/4334>`_ - Add support for generated columns in Postgres 12+. | `Issue #4334 <https://redmine.postgresql.org/issues/4334>`_ - Add support for generated columns in Postgres 12+.
| `Issue #4540 <https://redmine.postgresql.org/issues/4540>`_ - Use the full tab space for CodeMirror instances on dialogues where appropriate. | `Issue #4540 <https://redmine.postgresql.org/issues/4540>`_ - Use the full tab space for CodeMirror instances on dialogues where appropriate.
| `Issue #4549 <https://redmine.postgresql.org/issues/4549>`_ - Allow a banner to be displayed on the login and other related pages showing custom text. | `Issue #4549 <https://redmine.postgresql.org/issues/4549>`_ - Allow a banner to be displayed on the login and other related pages showing custom text.
| `Issue #4566 <https://redmine.postgresql.org/issues/4566>`_ - Allow enhanced cookie protection to be disabled for compatibility with dynamically addressed hosting environments.
Housekeeping Housekeeping
************ ************

View File

@ -432,6 +432,16 @@ ALLOW_SAVE_TUNNEL_PASSWORD = False
########################################################################## ##########################################################################
MASTER_PASSWORD_REQUIRED = True MASTER_PASSWORD_REQUIRED = True
##########################################################################
# Allows pgAdmin4 to create session cookies based on IP address, so even
# if a cookie is stolen, the attacker will not be able to connect to the
# server using that stolen cookie.
# Note: This can cause problems when the server is deployed in dynamic IP
# address hosting environments, such as Kubernetes or behind load
# balancers. In such cases, this option should be set to False.
##########################################################################
ENHANCED_COOKIE_PROTECTION = True
########################################################################## ##########################################################################
# Local config settings # Local config settings
########################################################################## ##########################################################################

View File

@ -390,7 +390,7 @@ def create_app(app_name=None):
) )
# Make the Session more secure against XSS & CSRF when running in web mode # Make the Session more secure against XSS & CSRF when running in web mode
if config.SERVER_MODE: if config.SERVER_MODE and config.ENHANCED_COOKIE_PROTECTION:
paranoid = Paranoid(app) paranoid = Paranoid(app)
paranoid.redirect_view = 'browser.index' paranoid.redirect_view = 'browser.index'