make Pleroma.Endpoint use extra_cookie_attrs in config

Hakurei Reimu 2019-04-15 12:33:46 +08:00
parent 10096bbf2b
commit 6e26ac10a3


@ -58,14 +58,9 @@ defmodule Pleroma.Web.Endpoint do
do: "__Host-pleroma_key", do: "__Host-pleroma_key",
else: "pleroma_key" else: "pleroma_key"
same_site = extra =
if Pleroma.Config.oauth_consumer_enabled?() do Pleroma.Config.get([__MODULE__, :extra_cookie_attrs])
# Note: "SameSite=Strict" prevents sign in with external OAuth provider |> Enum.join(";")
# (there would be no cookies during callback request from OAuth provider)
"SameSite=Lax"
else
"SameSite=Strict"
end
# The session will be stored in the cookie and signed, # The session will be stored in the cookie and signed,
# this means its contents can be read but not tampered with. # this means its contents can be read but not tampered with.
@ -77,7 +72,7 @@ defmodule Pleroma.Web.Endpoint do
signing_salt: {Pleroma.Config, :get, [[__MODULE__, :signing_salt], "CqaoopA2"]}, signing_salt: {Pleroma.Config, :get, [[__MODULE__, :signing_salt], "CqaoopA2"]},
http_only: true, http_only: true,
secure: secure_cookies, secure: secure_cookies,
extra: same_site extra: extra
) )
# Note: the plug and its configuration is compile-time this can't be upstreamed yet # Note: the plug and its configuration is compile-time this can't be upstreamed yet
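Review bot: The new `extra =` assignment in the first hunk reads `Pleroma.Config.get([__MODULE__, :extra_cookie_attrs])` with no fallback, so a config that lacks the key hands `nil` to `Enum.join/2` and raises, and an empty list ships the session cookie with no `SameSite` attribute at all, which the removed branch always set. Passing a default to the lookup, as the `signing_salt` line already does, keeps a baseline: `Pleroma.Config.get([__MODULE__, :extra_cookie_attrs], ["SameSite=Lax"])`. The deleted comment was also the only place that explained why `Strict` cannot be used with an external OAuth provider, so I would keep it above `extra =` as `# "SameSite=Strict" breaks sign-in via an external OAuth provider (no cookies on the callback request); use "SameSite=Lax" there`. The shipped default for this key is presumably set in a config file that is not visible in this section, so confirm it still carries a `SameSite` value.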