Add Secure and SameSite cookie flags

2018-08-28 00:40:58 +02:00 · 2018-08-28 00:40:58 +02:00 · b9a642da1e
commit b9a642da1e
parent 5ffaa2bf69
2 changed files with 5 additions and 2 deletions
--- a/lib/pleroma/web/endpoint.ex
+++ b/lib/pleroma/web/endpoint.ex
@ -49,7 +49,9 @@ defmodule Pleroma.Web.Endpoint do
    Plug.Session,
    store: :cookie,
    key: "_pleroma_key",
-    signing_salt: "CqaoopA2"
+    signing_salt: "CqaoopA2",
+    secure: Application.get_env(:pleroma, Pleroma.Web.Endpoint) |> Keyword.get(:secure_cookie_flag),
+    extra: "SameSite=Lax"
  )

  plug(Pleroma.Web.Router)