autonomic-cooperative/hometown
0
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
01e44b886d
hometown/config/initializers/secureheaders.rb
Cecylia Bocovich e79f8dd85c
Onion service related changes to HTTPS handling (#15560) 
* Enable secure cookie flag for https only

* Disable force_ssl for .onion hosts only

Co-authored-by: Aiden McClelland <me@drbonez.dev>
2021-02-11 04:40:13 +01:00

11 lines
192 B
Ruby
Raw Blame History

SecureHeaders::Configuration.default do |config|
config.cookies = {
secure: true,
httponly: true,
samesite: {
lax: true
}
}
config.csp = SecureHeaders::OPT_OUT
end
Reference in New Issue View Git Blame Copy Permalink