make Pleroma.Endpoint use extra_cookie_attrs in config

author: Hakurei Reimu <admin@marchgenso.me> 2019-04-15 12:33:46 +0800
committer: Hakurei Reimu <admin@marchgenso.me> 2019-04-16 22:20:56 +0800
commit: 6e26ac10a36354c2a08ccddd0fd2df658aba5e4b (patch)
tree: b00be22f463d70a90842233359b335cba0837fb3 /lib
parent: 10096bbf2b6c18104cb63b5486681d00eaa5fb6c (diff)
download: pleroma-6e26ac10a36354c2a08ccddd0fd2df658aba5e4b.tar.gz
1 files changed, 4 insertions, 9 deletions
diff --git a/lib/pleroma/web/endpoint.ex b/lib/pleroma/web/endpoint.ex
index 1633477c3..7f939991d 100644
--- a/lib/pleroma/web/endpoint.ex
+++ b/lib/pleroma/web/endpoint.ex
@@ -58,14 +58,9 @@ defmodule Pleroma.Web.Endpoint do
       do: "__Host-pleroma_key",
       else: "pleroma_key"
 
-  same_site =
-    if Pleroma.Config.oauth_consumer_enabled?() do
-      # Note: "SameSite=Strict" prevents sign in with external OAuth provider
-      #   (there would be no cookies during callback request from OAuth provider)
-      "SameSite=Lax"
-    else
-      "SameSite=Strict"
-    end
+  extra =
+    Pleroma.Config.get([__MODULE__, :extra_cookie_attrs])
+    |> Enum.join(";")
 
   # The session will be stored in the cookie and signed,
   # this means its contents can be read but not tampered with.
@@ -77,7 +72,7 @@ defmodule Pleroma.Web.Endpoint do
     signing_salt: {Pleroma.Config, :get, [[__MODULE__, :signing_salt], "CqaoopA2"]},
     http_only: true,
     secure: secure_cookies,
-    extra: same_site
+    extra: extra
   )
 
   # Note: the plug and its configuration is compile-time this can't be upstreamed yet
author	Hakurei Reimu <admin@marchgenso.me>	2019-04-15 12:33:46 +0800
committer	Hakurei Reimu <admin@marchgenso.me>	2019-04-16 22:20:56 +0800
commit	6e26ac10a36354c2a08ccddd0fd2df658aba5e4b (patch)
tree	b00be22f463d70a90842233359b335cba0837fb3 /lib
parent	10096bbf2b6c18104cb63b5486681d00eaa5fb6c (diff)
download	pleroma-6e26ac10a36354c2a08ccddd0fd2df658aba5e4b.tar.gz