From 87c76a9a2fa95702df05e935c8eb232188df1318 Mon Sep 17 00:00:00 2001 From: shibayashi Date: Tue, 13 Nov 2018 00:32:38 +0100 Subject: [PATCH] Add __Host- prefix when secure flag is enabled --- lib/pleroma/web/endpoint.ex | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/lib/pleroma/web/endpoint.ex b/lib/pleroma/web/endpoint.ex index 7783b8e5c..85bb4ff5f 100644 --- a/lib/pleroma/web/endpoint.ex +++ b/lib/pleroma/web/endpoint.ex @@ -46,13 +46,18 @@ defmodule Pleroma.Web.Endpoint do plug(Plug.MethodOverride) plug(Plug.Head) + cookie_name = + if Application.get_env(:pleroma, Pleroma.Web.Endpoint) |> Keyword.get(:secure_cookie_flag), + do: "__Host-pleroma_key", + else: "pleroma_key" + # The session will be stored in the cookie and signed, # this means its contents can be read but not tampered with. # Set :encryption_salt if you would also like to encrypt it. plug( Plug.Session, store: :cookie, - key: "_pleroma_key", + key: cookie_name, signing_salt: "CqaoopA2", http_only: true, secure: -- 2.45.2