Add __Host- prefix when secure flag is enabled
author shibayashi <shibayashi@cypherpunk.observer>
Mon, 12 Nov 2018 23:32:38 +0000 (00:32 +0100)
committer shibayashi <shibayashi@cypherpunk.observer>
Mon, 12 Nov 2018 23:32:38 +0000 (00:32 +0100)
lib/pleroma/web/endpoint.ex

index 7783b8e5cec06470e0281f466450cd612668654b..85bb4ff5f45a3a7a1d38b70c7eb730cebb68430e 100644 (file)
@@ -46,13 +46,18 @@ defmodule Pleroma.Web.Endpoint do
   plug(Plug.MethodOverride)
   plug(Plug.Head)
 
+  cookie_name =
+    if Application.get_env(:pleroma, Pleroma.Web.Endpoint) |> Keyword.get(:secure_cookie_flag),
+      do: "__Host-pleroma_key",
+      else: "pleroma_key"
+
   # The session will be stored in the cookie and signed,
   # this means its contents can be read but not tampered with.
   # Set :encryption_salt if you would also like to encrypt it.
   plug(
     Plug.Session,
     store: :cookie,
-    key: "_pleroma_key",
+    key: cookie_name,
     signing_salt: "CqaoopA2",
     http_only: true,
     secure:
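Review bot: the `else:` branch of the new `cookie_name` assignment returns "pleroma_key", while the removed line used "_pleroma_key", so instances that leave `secure_cookie_flag` off also get a renamed cookie and lose every existing session on upgrade; if that is not intended, keep `else: "_pleroma_key"`. Also note that `cookie_name` is bound in the module body, so `Application.get_env` is evaluated when the endpoint is compiled: toggling `secure_cookie_flag` afterwards does not change the cookie name until the module is recompiled, and if the `secure:` option is derived from the same flag at a different time the two can disagree, producing a `__Host-` cookie without the Secure attribute, which browsers refuse to store. A comment above the assignment stating the compile-time dependency and the `__Host-` requirements (Secure set, Path=/, no Domain) would make this easier to maintain.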