Files @ ae947de541d5
Branch filter:

Location: kallithea/init.d/supervisord.conf

ae947de541d5 2.6 KiB text/plain Show Annotation Show as Raw Download as Raw
Mads Kiilerich
auth: check CSRF protection token when authenticating

Use pylons secure_form to get CSRF protection on all authenticated POSTs. This
fixes CVE-2015-0276.

GETs should not have any side effects and do thus not need CSRF protection.

Reported by Paul van Empelen.
 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
; Kallithea Supervisord
; ##########################
; for help see http://supervisord.org/configuration.html
; ##########################

[inet_http_server]         ; inet (TCP) server disabled by default
port=127.0.0.1:9001        ; (ip_address:port specifier, *:port for all iface)
;username=user              ; (default is no username (open server))
;password=123               ; (default is no password (open server))

[supervisord]
logfile=/%(here)s/supervisord_kallithea.log ; (main log file;default $CWD/supervisord.log)
logfile_maxbytes=50MB        ; (max main logfile bytes b4 rotation;default 50MB)
logfile_backups=10           ; (num of main logfile rotation backups;default 10)
loglevel=info                ; (log level;default info; others: debug,warn,trace)
pidfile=/%(here)s/supervisord_kallithea.pid ; (supervisord pidfile;default supervisord.pid)
nodaemon=true               ; (start in foreground if true;default false)
minfds=1024                  ; (min. avail startup file descriptors;default 1024)
minprocs=200                 ; (min. avail process descriptors;default 200)
umask=022                    ; (process file creation umask;default 022)
user=username                  ; (default is current user, required if root)
;identifier=supervisor       ; (supervisord identifier, default is 'supervisor')
;directory=/tmp              ; (default is not to cd during start)
;nocleanup=true              ; (don't clean up tempfiles at start;default false)
;childlogdir=/tmp            ; ('AUTO' child log dir, default $TEMP)
environment=HOME=/srv/kallithea       ; (key value pairs to add to environment)
;strip_ansi=false            ; (strip ansi escape codes in logs; def. false)

; the below section must remain in the config file for RPC
; (supervisorctl/web interface) to work, additional interfaces may be
; added by defining them in separate rpcinterface: sections
[rpcinterface:supervisor]
supervisor.rpcinterface_factory = supervisor.rpcinterface:make_main_rpcinterface

[supervisorctl]
serverurl=http://127.0.0.1:9001 ; use an http:// url to specify an inet socket
;username=user               ; should be same as http_username if set
;password=123                ; should be same as http_password if set
;prompt=mysupervisor         ; cmd line prompt (default "supervisor")
;history_file=~/.sc_history  ; use readline history if available


; restart with supervisorctl restart kallithea:*
[program:kallithea]
numprocs = 1
numprocs_start = 5000 # possible should match ports
directory=/srv/kallithea
command = /srv/kallithea/venv/bin/paster serve my.ini
process_name = %(program_name)s_%(process_num)04d
redirect_stderr=true 
stdout_logfile=/%(here)s/kallithea.log
Server instance: clio-6687 This site is powered by Kallithea 0.7.0, which is © 2010–2025 by various authors & licensed under GPLv3. – Support