X-Git-Url: http://git.freeside.biz/gitweb/?a=blobdiff_plain;f=htetc%2Ffreeside-base2.4.conf;h=ee716f32079fd4c992d842a19a862284905d647b;hb=dd21870b44d5557e9bff786c0476012c151f035a;hp=36ce3a5158c9bd0900b475ed074ceb1aa6e3cd77;hpb=5f8111de04a4a914c72a1642722476db4728339c;p=freeside.git

diff --git a/htetc/freeside-base2.4.conf b/htetc/freeside-base2.4.conf
index 36ce3a515..ee716f320 100644
--- a/htetc/freeside-base2.4.conf
+++ b/htetc/freeside-base2.4.conf
@@ -1,18 +1,17 @@
 PerlModule Apache2::compat
 
-PerlModule DBIx::Profile
+#PerlModule DBIx::Profile
 #PerlModule Apache::DBI
 
 PerlModule HTML::Mason
 PerlSetVar MasonArgsMethod CGI
 PerlModule HTML::Mason::ApacheHandler
 
-PerlChildInitHandler "sub { srand }"
-
 PerlRequire "%%%MASON_HANDLER%%%"
 
+PerlChildInitHandler FS::Mason::child_init
+
 #Locale::SubCountry
-#
 AddDefaultCharset UTF-8
 
 PerlModule FS::AuthCookieHandler24
@@ -21,8 +20,8 @@ PerlAddAuthzProvider user FS::AuthCookieHandler24->authz_handler
 #XXX need to also work properly for installs w/o /freeside/ in path
 PerlSetVar FreesideLoginScript /freeside/loginout/login.html
 
-#PerlSetVar FreesideEverSecure 1
-PerlSetVar FreesideHttpOnly 1
+#PerlSetVar FreesideSecure 1 #disables HTTP, so HTTPS only
+PerlSetVar FreesideHttpOnly 1 #limits cookie theft via JS
 
 <Directory %%%FREESIDE_DOCUMENT_ROOT%%%>
 
@@ -63,6 +62,11 @@ PerlSetVar FreesideHttpOnly 1
     <Files "freeside.css">
         Satisfy any
     </Files>
+
+    <Files ~ "(\.html)$">
+        Deny from all
+        SetHandler None
+    </Files>
 </Directory>
 
 <Directory %%%FREESIDE_DOCUMENT_ROOT%%%/rt/Helpers/>