Explicitly set 'http_only' to true

author: shibayashi <shibayashi@cypherpunk.observer> 2018-08-28 22:34:31 +0200
committer: shibayashi <shibayashi@cypherpunk.observer> 2018-08-28 22:34:31 +0200
commit: 18ad8aaecfae154deabab6f82da0c06dcf91d4c1 (patch)
tree: 155795f6dd03217548dd8be8b1ef42efc41cfaac /lib
parent: 4656a07e9e394f451ea48646901ae61c7f0c9f86 (diff)
download: pleroma-18ad8aaecfae154deabab6f82da0c06dcf91d4c1.tar.gz
1 files changed, 1 insertions, 0 deletions
diff --git a/lib/pleroma/web/endpoint.ex b/lib/pleroma/web/endpoint.ex
index 17f6b9bb6..6e60c9017 100644
--- a/lib/pleroma/web/endpoint.ex
+++ b/lib/pleroma/web/endpoint.ex
@@ -50,6 +50,7 @@ defmodule Pleroma.Web.Endpoint do
     store: :cookie,
     key: "_pleroma_key",
     signing_salt: "CqaoopA2",
+    http_only: true,
     secure:
       Application.get_env(:pleroma, Pleroma.Web.Endpoint) |> Keyword.get(:secure_cookie_flag),
     extra: "SameSite=Strict"
author	shibayashi <shibayashi@cypherpunk.observer>	2018-08-28 22:34:31 +0200
committer	shibayashi <shibayashi@cypherpunk.observer>	2018-08-28 22:34:31 +0200
commit	18ad8aaecfae154deabab6f82da0c06dcf91d4c1 (patch)
tree	155795f6dd03217548dd8be8b1ef42efc41cfaac /lib
parent	4656a07e9e394f451ea48646901ae61c7f0c9f86 (diff)
download	pleroma-18ad8aaecfae154deabab6f82da0c06dcf91d4c1.tar.gz