diff options
| author | shibayashi <shibayashi@cypherpunk.observer> | 2018-11-13 00:32:38 +0100 |
|---|---|---|
| committer | shibayashi <shibayashi@cypherpunk.observer> | 2018-11-13 00:32:38 +0100 |
| commit | 87c76a9a2fa95702df05e935c8eb232188df1318 (patch) | |
| tree | 9081a7fcdfbd67a73ec450c490fd2e857ade92c8 /lib | |
| parent | 0ce5623134de4356e74160f8d3e717aae414b1e7 (diff) | |
| download | pleroma-87c76a9a2fa95702df05e935c8eb232188df1318.tar.gz | |
Add __Host- prefix when secure flag is enabled
Diffstat (limited to 'lib')
| -rw-r--r-- | lib/pleroma/web/endpoint.ex | 7 |
1 files changed, 6 insertions, 1 deletions
diff --git a/lib/pleroma/web/endpoint.ex b/lib/pleroma/web/endpoint.ex index 7783b8e5c..85bb4ff5f 100644 --- a/lib/pleroma/web/endpoint.ex +++ b/lib/pleroma/web/endpoint.ex @@ -46,13 +46,18 @@ defmodule Pleroma.Web.Endpoint do plug(Plug.MethodOverride) plug(Plug.Head) + cookie_name = + if Application.get_env(:pleroma, Pleroma.Web.Endpoint) |> Keyword.get(:secure_cookie_flag), + do: "__Host-pleroma_key", + else: "pleroma_key" + # The session will be stored in the cookie and signed, # this means its contents can be read but not tampered with. # Set :encryption_salt if you would also like to encrypt it. plug( Plug.Session, store: :cookie, - key: "_pleroma_key", + key: cookie_name, signing_salt: "CqaoopA2", http_only: true, secure: |