Merge branch 'add-secure-and-samesite-cookie-flags' into 'develop'

Add Secure and SameSite cookie flags

See merge request pleroma/pleroma!302
kaniini 2018-09-07 23:55:42 +00:00
commit 530561a091
2 changed files with 7 additions and 2 deletions


@ -32,7 +32,8 @@
protocol: "https", protocol: "https",
secret_key_base: "aK4Abxf29xU9TTDKre9coZPUgevcVCFQJe/5xP/7Lt4BEif6idBIbjupVbOrbKxl", secret_key_base: "aK4Abxf29xU9TTDKre9coZPUgevcVCFQJe/5xP/7Lt4BEif6idBIbjupVbOrbKxl",
render_errors: [view: Pleroma.Web.ErrorView, accepts: ~w(json)], render_errors: [view: Pleroma.Web.ErrorView, accepts: ~w(json)],
pubsub: [name: Pleroma.PubSub, adapter: Phoenix.PubSub.PG2] pubsub: [name: Pleroma.PubSub, adapter: Phoenix.PubSub.PG2],
secure_cookie_flag: true
# Configures Elixir's Logger # Configures Elixir's Logger
config :logger, :console, config :logger, :console,
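Review bot: `secure_cookie_flag: true` is added to what looks like the shared endpoint config, with no comment on when it may be turned off. With the Secure attribute set, a browser will not send `_pleroma_key` over plain HTTP, so any environment served without TLS (local development, presumably) needs an explicit override. Whether such an override exists is not visible from this section. I would document the key where it is defined, for example `# Marks the session cookie Secure (HTTPS only); set to false only for plain-HTTP development setups`. The keyword list this line belongs to starts above the hunk.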

View file

@ -49,7 +49,11 @@ defmodule Pleroma.Web.Endpoint do
Plug.Session, Plug.Session,
store: :cookie, store: :cookie,
key: "_pleroma_key", key: "_pleroma_key",
signing_salt: "CqaoopA2" signing_salt: "CqaoopA2",
http_only: true,
secure:
Application.get_env(:pleroma, Pleroma.Web.Endpoint) |> Keyword.get(:secure_cookie_flag),
extra: "SameSite=Strict"
) )
plug(Pleroma.Web.Router) plug(Pleroma.Web.Router)
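Review bot: The `secure:` option is read with `Keyword.get(:secure_cookie_flag)` and no default, so an endpoint config that lacks the key yields `nil` and the cookie is issued without Secure, with no warning. Failing closed would be safer: `|> Keyword.get(:secure_cookie_flag, true)`. Because this expression sits in the options of a `plug` call in the module body, it is most likely evaluated when the endpoint is compiled, so changing the setting afterwards would need a recompile; a short comment saying so would help operators. `extra: "SameSite=Strict"` also means the session cookie is withheld on top-level navigations arriving from other sites, so it is worth confirming that any login or authorization flow entered through an external redirect still works. The `plug(` call opens above the hunk.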