21fb3f3684
* Drop dependency on secure_headers, use always_write_cookie instead * Fix cookies in Tor Hidden Services by moving configuration to application.rb * Instead of setting always_write_cookie at boot, monkey-patch ActionDispatch
2 lines
151 B
Ruby
2 lines
151 B
Ruby
Makara::Cookie::DEFAULT_OPTIONS[:same_site] = :lax
|
|
Makara::Cookie::DEFAULT_OPTIONS[:secure] = Rails.env.production? || ENV['LOCAL_HTTPS'] == 'true'
|