-rw-r--r--config/initializers/auto_secure_cookies.rb17
-rw-r--r--config/initializers/session_store.rb2
2 files changed, 18 insertions, 1 deletions
diff --git a/config/initializers/auto_secure_cookies.rb b/config/initializers/auto_secure_cookies.rb
new file mode 100644
index 0000000..004795f
--- /dev/null
+++ b/config/initializers/auto_secure_cookies.rb
@@ -0,0 +1,17 @@
+# rails only allows to globally flag session cookies as either secure or not
+# this patch sets the secure flag for cookies based on the protocol (@secure)
+# this is used to send cookies via http but flag them secure for https
+# which allows use with HTTP over Tor for an onion domain
+# this is acceptable because nginx redirects clearnet http to https
+
+module ActionDispatch
+ class Cookies
+ class CookieJar
+ private
+ def write_cookie?(cookie)
+ cookie[:secure] = @secure
+ true
+ end
+ end
+ end
+end \ No newline at end of file
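Review bot: The override at `cookie[:secure] = @secure` discards any explicit `secure:` a caller sets on an individual cookie, so a cookie the application marks `secure: true` is rewritten as non-secure and written over plain HTTP, and the stock Rails check that refuses to write a secure cookie on a non-SSL request is replaced by an unconditional `true`. Defaulting the flag only when it is unset keeps both properties: `cookie[:secure] = @secure if cookie[:secure].nil?` followed by `@secure || !cookie[:secure]` as the return value (the session store already passes `secure: nil`, so it still gets the per-request flag). As far as I recall `@secure` is set from `request.ssl?` when the jar is built, so behind nginx this depends on the proxy passing and Rails trusting `X-Forwarded-Proto`; if it does not, https responses get session cookies without the secure flag, which is the opposite of what the header comment promises. Because this reopens a private Rails method, a guard before the `module` line such as `raise "write_cookie? no longer exists" unless ActionDispatch::Cookies::CookieJar.private_method_defined?(:write_cookie?)` would turn a silent no-op after a Rails upgrade into a boot failure.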
diff --git a/config/initializers/session_store.rb b/config/initializers/session_store.rb
index d2c5fb0..b9c9633 100644
--- a/config/initializers/session_store.rb
+++ b/config/initializers/session_store.rb
@@ -6,4 +6,4 @@
Redstoner::Application.config.session_store :active_record_store,
key: 'redstoner_session',
expire_after: 5.days,
- secure: Rails.env.production? \ No newline at end of file
+ secure: nil # see config/initializers/auto_secure_cookies.rb \ No newline at end of file
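Review bot: With `secure: nil` the session cookie carries the secure flag only if the initializer in auto_secure_cookies.rb is loaded and its private-method override still applies, so the inline comment should state that dependency rather than just point at the file, e.g. `# secure flag is set per request by config/initializers/auto_secure_cookies.rb; nil here is required so that patch can decide`. If that initializer is ever removed, this line silently leaves the production session cookie non-secure on every response.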