Merge remote-tracking branch 'pleroma/develop' into feature/disable-account

[akkoma] / lib / pleroma / web / endpoint.ex

diff --git a/lib/pleroma/web/endpoint.ex b/lib/pleroma/web/endpoint.ex
index 1633477c365dd8aa2649b515d6a55d3a507ecc08..9ef30e8851777327d8adf6a92dca490cfa677db2 100644 (file)
--- a/lib/pleroma/web/endpoint.ex
+++ b/lib/pleroma/web/endpoint.ex
@@ -29,6 +29,13 @@ defmodule Pleroma.Web.Endpoint do
     # credo:disable-for-previous-line Credo.Check.Readability.MaxLineLength
   )
 
+  plug(Plug.Static.IndexHtml, at: "/pleroma/admin/")
+
+  plug(Plug.Static,
+    at: "/pleroma/admin/",
+    from: {:pleroma, "priv/static/adminfe/"}
+  )
+
   # Code reloading can be explicitly enabled under the
   # :code_reloader configuration of your endpoint.
   if code_reloading? do
@@ -58,14 +65,9 @@ defmodule Pleroma.Web.Endpoint do
       do: "__Host-pleroma_key",
       else: "pleroma_key"
 
-  same_site =
-    if Pleroma.Config.oauth_consumer_enabled?() do
-      # Note: "SameSite=Strict" prevents sign in with external OAuth provider
-      #   (there would be no cookies during callback request from OAuth provider)
-      "SameSite=Lax"
-    else
-      "SameSite=Strict"
-    end
+  extra =
+    Pleroma.Config.get([__MODULE__, :extra_cookie_attrs])
+    |> Enum.join(";")
 
   # The session will be stored in the cookie and signed,
   # this means its contents can be read but not tampered with.
@@ -77,7 +79,7 @@ defmodule Pleroma.Web.Endpoint do
     signing_salt: {Pleroma.Config, :get, [[__MODULE__, :signing_salt], "CqaoopA2"]},
     http_only: true,
     secure: secure_cookies,
-    extra: same_site
+    extra: extra
   )
 
   # Note: the plug and its configuration is compile-time this can't be upstreamed yet