blob: 004795fb9cc6e9a5e9aa6050fcdcf6d843b76ae6 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
|
# rails only allows to globally flag session cookies as either secure or not
# this patch sets the secure flag for cookies based on the protocol (@secure)
# this is used to send cookies via http but flag them secure for https
# which allows use with HTTP over Tor for an onion domain
# this is acceptable because nginx redirects clearnet http to https
module ActionDispatch
class Cookies
class CookieJar
private
def write_cookie?(cookie)
cookie[:secure] = @secure
true
end
end
end
end
|