hj/pleroma
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Sign in via Twitter (WIP).

Browse source
This commit is contained in:
Ivan Tashkinov 2019-03-11 20:37:26 +03:00
commit 63ab61ed3f
9 changed files with 63 additions and 10 deletions
Download patch file Download diff file Expand all files Collapse all files

10
lib/pleroma/web/endpoint.ex
View file

@ -50,23 +50,25 @@ defmodule Pleroma.Web.Endpoint do
plug(Plug.MethodOverride)
plug(Plug.Head)
secure_cookies = Pleroma.Config.get([__MODULE__, :secure_cookie_flag])
cookie_name =
if Application.get_env(:pleroma, Pleroma.Web.Endpoint) |> Keyword.get(:secure_cookie_flag),
if secure_cookies,
do: "__Host-pleroma_key",
else: "pleroma_key"
# The session will be stored in the cookie and signed,
# this means its contents can be read but not tampered with.
# Set :encryption_salt if you would also like to encrypt it.
# Note: "SameSite=Strict" would cause issues with Twitter OAuth
plug(
Plug.Session,
store: :cookie,
key: cookie_name,
signing_salt: {Pleroma.Config, :get, [[__MODULE__, :signing_salt], "CqaoopA2"]},
http_only: true,
secure:
Application.get_env(:pleroma, Pleroma.Web.Endpoint) |> Keyword.get(:secure_cookie_flag),
extra: "SameSite=Strict"
secure: secure_cookies,
extra: "SameSite=Lax"
)
plug(Pleroma.Web.Router)