Diffstat (limited to 'config/initializers/auto_secure_cookies.rb')
-rw-r--r-- | config/initializers/auto_secure_cookies.rb | 17 |
1 files changed, 17 insertions, 0 deletions
diff --git a/config/initializers/auto_secure_cookies.rb b/config/initializers/auto_secure_cookies.rb
new file mode 100644
index 0000000..004795f
--- /dev/null
+++ b/config/initializers/auto_secure_cookies.rb
@@ -0,0 +1,17 @@
+# rails only allows to globally flag session cookies as either secure or not
+# this patch sets the secure flag for cookies based on the protocol (@secure)
+# this is used to send cookies via http but flag them secure for https
+# which allows use with HTTP over Tor for an onion domain
+# this is acceptable because nginx redirects clearnet http to https
+
+module ActionDispatch
+ class Cookies
+ class CookieJar
+ private
+ def write_cookie?(cookie)
+ cookie[:secure] = @secure
+ true
+ end
+ end
+ end
+end
\ No newline at end of file |
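Review bot: `cookie[:secure] = @secure` overwrites whatever the caller set and `write_cookie?` then always returns true, so a cookie explicitly marked `secure: true` is emitted without the Secure flag on any request the app sees as plain HTTP, not only on onion traffic. The protection therefore rests entirely on `@secure` being correct: if nginx terminates TLS, that presumably depends on the forwarded-protocol information reaching Rails, and `@secure` is a private instance variable that a Rails upgrade may stop setting, in which case every cookie would silently lose the flag. Consider relaxing the flag only when the request host is the onion domain, and add a comment such as `# relies on CookieJar's private @secure; re-verify on every Rails upgrade`.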