autonomic-cooperative/hometown
0
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Onion service related changes to HTTPS handling (#15560)

Browse Source 
* Enable secure cookie flag for https only

* Disable force_ssl for .onion hosts only

Co-authored-by: Aiden McClelland <me@drbonez.dev>
This commit is contained in:
Cecylia Bocovich
2021-02-10 22:40:13 -05:00
committed by GitHub
parent d499bb031f
commit e79f8dd85c
8 changed files with 27 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
config/initializers/session_store.rb
View File

@ -2,6 +2,5 @@
Rails.application.config.session_store :cookie_store, {
key: '_mastodon_session',
secure: (Rails.env.production? || ENV['LOCAL_HTTPS'] == 'true'),
same_site: :lax,
}