aboutsummaryrefslogtreecommitdiff
path: root/lib/pleroma/web/endpoint.ex
diff options
context:
space:
mode:
Diffstat (limited to 'lib/pleroma/web/endpoint.ex')
-rw-r--r--lib/pleroma/web/endpoint.ex10
1 files changed, 6 insertions, 4 deletions
diff --git a/lib/pleroma/web/endpoint.ex b/lib/pleroma/web/endpoint.ex
index 3eed047ca..d906db67d 100644
--- a/lib/pleroma/web/endpoint.ex
+++ b/lib/pleroma/web/endpoint.ex
@@ -50,23 +50,25 @@ defmodule Pleroma.Web.Endpoint do
plug(Plug.MethodOverride)
plug(Plug.Head)
+ secure_cookies = Pleroma.Config.get([__MODULE__, :secure_cookie_flag])
+
cookie_name =
- if Application.get_env(:pleroma, Pleroma.Web.Endpoint) |> Keyword.get(:secure_cookie_flag),
+ if secure_cookies,
do: "__Host-pleroma_key",
else: "pleroma_key"
# The session will be stored in the cookie and signed,
# this means its contents can be read but not tampered with.
# Set :encryption_salt if you would also like to encrypt it.
+ # Note: "SameSite=Strict" would cause issues with Twitter OAuth
plug(
Plug.Session,
store: :cookie,
key: cookie_name,
signing_salt: {Pleroma.Config, :get, [[__MODULE__, :signing_salt], "CqaoopA2"]},
http_only: true,
- secure:
- Application.get_env(:pleroma, Pleroma.Web.Endpoint) |> Keyword.get(:secure_cookie_flag),
- extra: "SameSite=Strict"
+ secure: secure_cookies,
+ extra: "SameSite=Lax"
)
plug(Pleroma.Web.Router)
generated by cgit v1.2.3 (git 2.26.2) at 2025-04-25 11:47:37 +0000