From: shibayashi
Date: Mon, 27 Aug 2018 22:40:58 +0000 (+0200)
Subject: Add Secure and SameSite cookie flags
X-Git-Url: https://git.squeep.com/?a=commitdiff_plain;h=b9a642da1ec290386d04245eb17175866e40308c;p=akkoma
Add Secure and SameSite cookie flags
---
diff --git a/config/config.exs b/config/config.exs
index eaf20e8f9..d5e28f586 100644
--- a/config/config.exs
+++ b/config/config.exs
@@ -24,7 +24,8 @@ config :pleroma, Pleroma.Web.Endpoint,
 protocol: "https",
 secret_key_base: "aK4Abxf29xU9TTDKre9coZPUgevcVCFQJe/5xP/7Lt4BEif6idBIbjupVbOrbKxl",
 render_errors: [view: Pleroma.Web.ErrorView, accepts: ~w(json)],
- pubsub: [name: Pleroma.PubSub, adapter: Phoenix.PubSub.PG2]
+ pubsub: [name: Pleroma.PubSub, adapter: Phoenix.PubSub.PG2],
+ secure_cookie_flag: true

 # Configures Elixir's Logger
 config :logger, :console,
diff --git a/lib/pleroma/web/endpoint.ex b/lib/pleroma/web/endpoint.ex
index cbedca004..e81bc75b6 100644
--- a/lib/pleroma/web/endpoint.ex
+++ b/lib/pleroma/web/endpoint.ex
@@ -49,7 +49,9 @@ defmodule Pleroma.Web.Endpoint do
 Plug.Session,
 store: :cookie,
 key: "_pleroma_key",
- signing_salt: "CqaoopA2"
+ signing_salt: "CqaoopA2",
+ secure: Application.get_env(:pleroma, Pleroma.Web.Endpoint) |> Keyword.get(:secure_cookie_flag),
+ extra: "SameSite=Lax"
 )

 plug(Pleroma.Web.Router)
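Review bot: The added `secure_cookie_flag: true` in config/config.exs is a project-specific key with no comment, and it sits in the base config, so it presumably also applies to dev and test unless those files override it (not visible here). A browser generally does not send a Secure cookie back over plain HTTP, so a non-TLS local setup could silently lose its session. I would add a comment above the key, e.g. `# Marks the session cookie Secure; set to false only for instances served over plain HTTP (e.g. local dev)`. Separately, the `secret_key_base` in the context lines is a committed value that signs the same cookie, so the new flags add little for a deployment that keeps it; worth confirming that production config overrides it.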
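Review bot: `Keyword.get(:secure_cookie_flag)` on the added `secure:` line in lib/pleroma/web/endpoint.ex has no default, so if the key is ever missing from the Endpoint config it returns nil and the session cookie would presumably be issued without Secure, failing open with no error. Defaulting to the safe value, `|> Keyword.get(:secure_cookie_flag, true)`, keeps the protection unless an operator turns it off explicitly. Because the expression is an argument to `plug`, it is most likely evaluated when the endpoint is compiled, so a changed setting would take effect only after a recompile; a short comment above the line saying so would spare operators a surprise. The `plug(` call begins above the hunk.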