From: shibayashi Date: Tue, 28 Aug 2018 20:34:31 +0000 (+0200) Subject: Explicitly set 'http_only' to true X-Git-Url: http://git.squeep.com/?a=commitdiff_plain;h=18ad8aaecfae154deabab6f82da0c06dcf91d4c1;p=akkoma Explicitly set 'http_only' to true
---
diff --git a/lib/pleroma/web/endpoint.ex b/lib/pleroma/web/endpoint.ex
index 17f6b9bb6..6e60c9017 100644
--- a/lib/pleroma/web/endpoint.ex
+++ b/lib/pleroma/web/endpoint.ex
@@ -50,6 +50,7 @@ defmodule Pleroma.Web.Endpoint do
 store: :cookie,
 key: "_pleroma_key",
 signing_salt: "CqaoopA2",
+ http_only: true,
 secure: Application.get_env(:pleroma, Pleroma.Web.Endpoint) |> Keyword.get(:secure_cookie_flag),
 extra: "SameSite=Strict"
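Review bot: The added `http_only: true` line has no comment explaining why it is spelled out, and because Plug's cookie handling already defaults `http_only` to true, a later cleanup could remove it as redundant. A one-line comment above it, such as `# Pinned on purpose: the session cookie must stay unreadable from JavaScript regardless of library defaults`, would record the intent. The neighbouring `secure:` option is still read through `Keyword.get(:secure_cookie_flag)`, which yields nil when the key is not configured, so the Secure attribute is presumably not guaranteed the way HttpOnly now is; that expectation is worth stating next to the config key. The enclosing call starts and ends outside this hunk.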