zydronium/neocities
1
0
Fork 0
mirror of https://github.com/neocities/neocities.git synced 2025-04-25 01:32:36 +02:00
Code Issues Projects Releases Packages Wiki Activity

fortify cookie security - samesite, secure, explicit httponly

Browse source
This commit is contained in:
Kyle Drake 2017-01-10 16:43:14 -06:00
parent d12dc53631
commit 57e31c66e3
1 changed files with 4 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
app.rb
View file

@ -4,7 +4,10 @@ require './app_helpers.rb'
use Rack::Session::Cookie, key: 'neocities', use Rack::Session::Cookie, key: 'neocities',
path: '/', path: '/',
expire_after: 31556926, # one year in seconds expire_after: 31556926, # one year in seconds
secret: $config['session_secret'] secret: $config['session_secret'],
httponly: true,
same_site: true,
secure: ENV['RACK_ENV'] == 'production'
use Rack::Recaptcha, public_key: $config['recaptcha_public_key'], private_key: $config['recaptcha_private_key'] use Rack::Recaptcha, public_key: $config['recaptcha_public_key'], private_key: $config['recaptcha_private_key']
use Rack::TempfileReaper use Rack::TempfileReaper