From 61edf2788833e9cc1acd5e697e31c31ed3962bdb Mon Sep 17 00:00:00 2001
From: jomo <github@jomo.tv>
Date: Sun, 8 Jan 2017 08:06:37 +0100
Subject: add CookieJar patch to flag cookies as secure based on the connection
 protocol

rails only allows to globally flag session cookies as either secure or not
this patch sets the secure flag for cookies based on the protocol (http/https)
this is used to send cookies via http but flag them secure for https
which allows use with HTTP over Tor for an onion domain
this is acceptable because nginx redirects clearnet http to https
---
 config/initializers/auto_secure_cookies.rb | 17 +++++++++++++++++
 config/initializers/session_store.rb       |  2 +-
 2 files changed, 18 insertions(+), 1 deletion(-)
 create mode 100644 config/initializers/auto_secure_cookies.rb

diff --git a/config/initializers/auto_secure_cookies.rb b/config/initializers/auto_secure_cookies.rb
new file mode 100644
index 0000000..004795f
--- /dev/null
+++ b/config/initializers/auto_secure_cookies.rb
@@ -0,0 +1,17 @@
+# rails only allows to globally flag session cookies as either secure or not
+# this patch sets the secure flag for cookies based on the protocol (@secure)
+# this is used to send cookies via http but flag them secure for https
+# which allows use with HTTP over Tor for an onion domain
+# this is acceptable because nginx redirects clearnet http to https
+
+module ActionDispatch
+  class Cookies
+    class CookieJar
+      private
+      def write_cookie?(cookie)
+        cookie[:secure] = @secure
+        true
+      end
+    end
+  end
+end
\ No newline at end of file
diff --git a/config/initializers/session_store.rb b/config/initializers/session_store.rb
index d2c5fb0..b9c9633 100644
--- a/config/initializers/session_store.rb
+++ b/config/initializers/session_store.rb
@@ -6,4 +6,4 @@
 Redstoner::Application.config.session_store :active_record_store,
   key: 'redstoner_session',
   expire_after: 5.days,
-  secure: Rails.env.production?
\ No newline at end of file
+  secure: nil # see config/initializers/auto_secure_cookies.rb
\ No newline at end of file
-- 
cgit v1.2.3