Story
Resolution: Done
We need to enable secure cookies, HSTS, etc., as they were enabled with TripleO.
In the previous release, the relevant code looked like this: https://github.com/openstack/puppet-horizon/blob/master/templates/local_settings.py.erb#L27-L54
We need similar settings with the horizon-operator.
The bugs related to HSTS in the previous release:
- https://bugzilla.redhat.com/show_bug.cgi?id=2071531
- https://bugzilla.redhat.com/show_bug.cgi?id=2176699
We will need to add something similar to the horizon-operator.
Django documentation: https://docs.djangoproject.com/en/3.2/topics/security/#ssl-https
Acceptance criteria:
- Horizon response headers contain the required HSTS headers
- the cookies are set as secure
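
A check for the two acceptance criteria above, as an added example that is not part of the ticket or of the horizon-operator code: it inspects a response's header list for a usable Strict-Transport-Security value and for Set-Cookie lines that lack the Secure attribute. The function names and the sample headers (which use Django's default `csrftoken` and `sessionid` cookie names) are constructed for illustration.

```python
def parse_hsts(value):
    """Return (max_age, include_subdomains), or None if max-age is absent or invalid."""
    max_age, include_sub = None, False
    for part in value.split(";"):
        name, _, arg = part.strip().partition("=")
        name = name.strip().lower()
        if name == "max-age":
            arg = arg.strip().strip('"')
            if not arg.isdigit():
                return None
            max_age = int(arg)
        elif name == "includesubdomains":
            include_sub = True
    return None if max_age is None else (max_age, include_sub)

def insecure_cookies(set_cookie_values):
    """Names of cookies whose Set-Cookie line has no Secure attribute."""
    missing = []
    for line in set_cookie_values:
        first, *attrs = [p.strip() for p in line.split(";")]
        if "secure" not in {a.split("=", 1)[0].strip().lower() for a in attrs}:
            missing.append(first.split("=", 1)[0])
    return missing

def check_response(headers):
    """headers: list of (name, value) pairs from one HTTPS response. Returns findings."""
    findings = []
    # Only the first HSTS header is considered, as user agents do (RFC 6797).
    hsts = [v for n, v in headers if n.lower() == "strict-transport-security"]
    parsed = parse_hsts(hsts[0]) if hsts else None
    if parsed is None:
        findings.append("HSTS header missing or malformed")
    elif parsed[0] == 0:
        findings.append("HSTS max-age is 0, which disables HSTS")
    cookies = [v for n, v in headers if n.lower() == "set-cookie"]
    findings += [f"cookie {name} lacks Secure" for name in insecure_cookies(cookies)]
    return findings

# Constructed sample responses (not captured from a real deployment).
GOOD = [("Strict-Transport-Security", "max-age=31536000; includeSubDomains"),
        ("Set-Cookie", "csrftoken=abc; Path=/; Secure; SameSite=Lax"),
        ("Set-Cookie", "sessionid=xyz; HttpOnly; Path=/; Secure")]
BAD = [("Set-Cookie", "csrftoken=abc; Path=/; Secure; SameSite=Lax"),
       ("Set-Cookie", "sessionid=xyz; HttpOnly; Path=/")]

if __name__ == "__main__":
    for label, sample in (("GOOD", GOOD), ("BAD", BAD)):
        print(label, check_response(sample) or "ok")
```
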