add CookieJar patch to flag cookies as secure based on the connection protocol

rails only allows to globally flag session cookies as either secure or not
this patch sets the secure flag for cookies based on the protocol (http/https)
this is used to send cookies via http but flag them secure for https
which allows use with HTTP over Tor for an onion domain
this is acceptable because nginx redirects clearnet http to https
jomo
2017-01-08 08:06:37 +01:00
parent abeb405bab
commit 61edf27888
2 changed files with 18 additions and 1 deletions


@@ -0,0 +1,17 @@
# rails only allows to globally flag session cookies as either secure or not
# this patch sets the secure flag for cookies based on the protocol (@secure)
# this is used to send cookies via http but flag them secure for https
# which allows use with HTTP over Tor for an onion domain
# this is acceptable because nginx redirects clearnet http to https
module ActionDispatch
class Cookies
class CookieJar
private
def write_cookie?(cookie)
cookie[:secure] = @secure
true
end
end
end
end
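
Review bot: `cookie[:secure] = @secure` in `write_cookie?` overwrites whatever the caller passed, and the method then returns `true` unconditionally, so every cookie written through this jar, not only the session cookie, takes its flag from the request protocol. A cookie that application code writes explicitly with `secure: true` is downgraded and sent on a plain-http request. Consider assigning only when no value was given, e.g. `cookie[:secure] = @secure if cookie[:secure].nil?`, which still covers the session store's `secure: nil`, and keep refusing to write a cookie that is explicitly secure when the request is http. Because this reopens a private method and reads the private `@secure`, add a comment naming the Rails version it was written against so the next upgrade re-checks it.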


@@ -6,4 +6,4 @@
Redstoner::Application.config.session_store :active_record_store,
key: 'redstoner_session',
expire_after: 5.days,
secure: Rails.env.production?
secure: nil # see config/initializers/auto_secure_cookies.rb
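
Review bot: with `secure: nil` replacing `secure: Rails.env.production?`, the production session cookie gets its Secure flag only if config/initializers/auto_secure_cookies.rb loads and its override still takes effect; if it does not, the cookie is written without the flag and nothing errors. Suggest failing closed, for example a test or boot-time check that asserts the `redstoner_session` cookie carries the flag on an https request, and extend the trailing comment to say that `nil` is intentional and depends on that initializer.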