)]}'
{"horizon/values.yaml":[{"author":{"_account_id":20466,"name":"Tin Lam","email":"tin@lam.wtf","username":"tinlam"},"change_message_id":"533e6d6705ebfa69826c94bc25cea862a3535b69","unresolved":true,"context_lines":[{"line_number":183,"context_line":"        # values will not work"},{"line_number":184,"context_line":"        horizon_secret_key: 9aee62c0-5253-4a86-b189-e0fb71fa503c"},{"line_number":185,"context_line":"        debug: \"False\""},{"line_number":186,"context_line":"        use_ssl: \"False\""},{"line_number":187,"context_line":"        keystone_multidomain_support: \"True\""},{"line_number":188,"context_line":"        keystone_default_domain: Default"},{"line_number":189,"context_line":"        disable_password_reveal: \"True\""},{"line_number":190,"context_line":"        csrf_cookie_secure: \"False\""},{"line_number":191,"context_line":"        enforce_password_check: \"True\""},{"line_number":192,"context_line":"        # Set enable_pwd_validator to true to enforce password validator settings."},{"line_number":193,"context_line":"        enable_pwd_validator: false"},{"line_number":194,"context_line":"        pwd_validator_regex: \u0027(?\u003d.*[a-zA-Z])(?\u003d.*\\d).{8,}|(?\u003d.*\\d)(?\u003d.*\\W).{8,}|(?\u003d.*\\W)(?\u003d.*[a-zA-Z]).{8,}\u0027"}],"source_content_type":"text/x-yaml","patch_set":2,"id":"32ff68bd_12d91d7f","line":191,"range":{"start_line":186,"start_character":6,"end_line":191,"end_character":38},"updated":"2021-02-05 19:34:14.000000000","message":"does it make sense to just secure the session cookies and then leave the csrf_cookie_secure false and don\u0027t have ssl on by default? It seems to just provide a partial security default to the deployers. Think it would make more sense to provide a more complete secured profile or just have the deployers override this in their deployment.","commit_id":"ddd982375216f711cdc126961291843bf4458a66"}]}