Add Secure and SameSite cookie flags

author shibayashi <shibayashi@cypherpunk.observer>

Mon, 27 Aug 2018 22:40:58 +0000 (00:40 +0200)

committer shibayashi <shibayashi@cypherpunk.observer>

Mon, 27 Aug 2018 22:40:58 +0000 (00:40 +0200)
author shibayashi <shibayashi@cypherpunk.observer>
Mon, 27 Aug 2018 22:40:58 +0000 (00:40 +0200)
committer shibayashi <shibayashi@cypherpunk.observer>
Mon, 27 Aug 2018 22:40:58 +0000 (00:40 +0200)
diff --git a/config/config.exs b/config/config.exs

index eaf20e8f993dadae8d78fbfe262d6890a52f2c87..d5e28f586c80e5faa8b920371975c5da05cda52a 100644 (file)
--- a/config/config.exs
+++ b/config/config.exs
@@ -24,7 +24,8 @@ config :pleroma, Pleroma.Web.Endpoint,
    protocol: "https",
    secret_key_base: "aK4Abxf29xU9TTDKre9coZPUgevcVCFQJe/5xP/7Lt4BEif6idBIbjupVbOrbKxl",
    render_errors: [view: Pleroma.Web.ErrorView, accepts: ~w(json)],
-  pubsub: [name: Pleroma.PubSub, adapter: Phoenix.PubSub.PG2]
+  pubsub: [name: Pleroma.PubSub, adapter: Phoenix.PubSub.PG2],
+  secure_cookie_flag: true
  
  # Configures Elixir's Logger
  config :logger, :console,
diff --git a/lib/pleroma/web/endpoint.ex b/lib/pleroma/web/endpoint.ex

index cbedca0046333196030b838363640e4be1c139d0..e81bc75b625d4d90c1516a0ef96f450c7176d863 100644 (file)
--- a/lib/pleroma/web/endpoint.ex
+++ b/lib/pleroma/web/endpoint.ex
@@ -49,7 +49,9 @@ defmodule Pleroma.Web.Endpoint do
      Plug.Session,
      store: :cookie,
      key: "_pleroma_key",
-    signing_salt: "CqaoopA2"
+    signing_salt: "CqaoopA2",
+    secure: Application.get_env(:pleroma, Pleroma.Web.Endpoint) |> Keyword.get(:secure_cookie_flag),
+    extra: "SameSite=Lax"
    )
  
    plug(Pleroma.Web.Router)
author	shibayashi <shibayashi@cypherpunk.observer>
	Mon, 27 Aug 2018 22:40:58 +0000 (00:40 +0200)
committer	shibayashi <shibayashi@cypherpunk.observer>
	Mon, 27 Aug 2018 22:40:58 +0000 (00:40 +0200)
config/config.exs		patch \| blob \| history
lib/pleroma/web/endpoint.ex		patch \| blob \| history