Redstoner/redstoner.com
Archived
0
Fork 0
Code Issues Pull Requests 2 Wiki Activity
This repository has been archived on 2024-08-27. You can view files and clone it, but cannot push or open issues or pull requests.
master
redstoner.com/config/initializers/auto_secure_cookies.rb
jomo 61edf27888 add CookieJar patch to flag cookies as secure based on the connection protocol 
rails only allows to globally flag session cookies as either secure or not
this patch sets the secure flag for cookies based on the protocol (http/https)
this is used to send cookies via http but flag them secure for https
which allows use with HTTP over Tor for an onion domain
this is acceptable because nginx redirects clearnet http to https
2017-01-08 08:06:37 +01:00

17 lines
531 B
Ruby
Raw Permalink Blame History

# rails only allows to globally flag session cookies as either secure or not
# this patch sets the secure flag for cookies based on the protocol (@secure)
# this is used to send cookies via http but flag them secure for https
# which allows use with HTTP over Tor for an onion domain
# this is acceptable because nginx redirects clearnet http to https
module ActionDispatch
class Cookies
class CookieJar
private
def write_cookie?(cookie)
cookie[:secure] = @secure
true
end
end
end
end
Reference in New Issue View Git Blame Copy Permalink