Merge branch 'add-secure-and-samesite-cookie-flags' into 'develop'

Add Secure and SameSite cookie flags See merge request pleroma/pleroma!302
author: kaniini <nenolod@gmail.com> 2018-09-07 23:55:42 +0000
committer: kaniini <nenolod@gmail.com> 2018-09-07 23:55:42 +0000
commit: 530561a091f6f82e27ef3d5011b929b00e2da964 (patch)
tree: b83ecbfe5b2c6febfedb414f4f4b841938387555 /lib
parent: b0ec4f33e661cb14730a622d64dbc721e2723825 (diff)
parent: 18ad8aaecfae154deabab6f82da0c06dcf91d4c1 (diff)
download: pleroma-530561a091f6f82e27ef3d5011b929b00e2da964.tar.gz
1 files changed, 5 insertions, 1 deletions
diff --git a/lib/pleroma/web/endpoint.ex b/lib/pleroma/web/endpoint.ex
index 1e5ac2721..955bd61f3 100644
--- a/lib/pleroma/web/endpoint.ex
+++ b/lib/pleroma/web/endpoint.ex
@@ -49,7 +49,11 @@ defmodule Pleroma.Web.Endpoint do
     Plug.Session,
     store: :cookie,
     key: "_pleroma_key",
-    signing_salt: "CqaoopA2"
+    signing_salt: "CqaoopA2",
+    http_only: true,
+    secure:
+      Application.get_env(:pleroma, Pleroma.Web.Endpoint) |> Keyword.get(:secure_cookie_flag),
+    extra: "SameSite=Strict"
   )
 
   plug(Pleroma.Web.Router)
author	kaniini <nenolod@gmail.com>	2018-09-07 23:55:42 +0000
committer	kaniini <nenolod@gmail.com>	2018-09-07 23:55:42 +0000
commit	530561a091f6f82e27ef3d5011b929b00e2da964 (patch)
tree	b83ecbfe5b2c6febfedb414f4f4b841938387555 /lib
parent	b0ec4f33e661cb14730a622d64dbc721e2723825 (diff)
parent	18ad8aaecfae154deabab6f82da0c06dcf91d4c1 (diff)
download	pleroma-530561a091f6f82e27ef3d5011b929b00e2da964.tar.gz