mastodon/config/initializers/secureheaders.rb at eb23f985928f5d394209475ad4308a4d20dfb5f2 - vbatts/mastodon - Git - Batts Cloud

vbatts/mastodon

Cecylia Bocovich e79f8dd85c

Onion service related changes to HTTPS handling (#15560 )

* Enable secure cookie flag for https only

* Disable force_ssl for .onion hosts only

Co-authored-by: Aiden McClelland <me@drbonez.dev>

2021-02-11 04:40:13 +01:00

10 lines

192 B

Ruby

Raw Blame History

 SecureHeaders::Configuration.default do |config|
   config.cookies = {
     secure: true,
     httponly: true,
     samesite: {
       lax: true
     }
   }
   config.csp = SecureHeaders::OPT_OUT
 end