Drop dependency on secure_headers, fix response headers (#15712)
* Drop dependency on secure_headers, use always_write_cookie instead * Fix cookies in Tor Hidden Services by moving configuration to application.rb * Instead of setting always_write_cookie at boot, monkey-patch ActionDispatch
This commit is contained in:
Claire
GitHub
parent
eb23f98592
commit
21fb3f3684
8 changed files with 24 additions and 16 deletions
15
lib/action_dispatch/cookie_jar_extensions.rb
Normal file
15
lib/action_dispatch/cookie_jar_extensions.rb
Normal file
|
|
@ -0,0 +1,15 @@
|
|||
# frozen_string_literal: true
|
||||
|
||||
module ActionDispatch
|
||||
module CookieJarExtensions
|
||||
private
|
||||
|
||||
# Monkey-patch ActionDispatch to serve secure cookies to Tor Hidden Service
|
||||
# users. Otherwise, ActionDispatch would drop the cookie over HTTP.
|
||||
def write_cookie?(*)
|
||||
request.headers['Host'].ends_with?('.onion') || super
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
ActionDispatch::Cookies::CookieJar.prepend(ActionDispatch::CookieJarExtensions)
|
||||
Loading…
Add table
Add a link
Reference in a new issue