SameSite=Lax for cookies, DENY for X-Frame-Options

Kyle Drake 2017-01-25 04:52:20 +00:00
parent 79887f87ba
commit 6dc1abe99b

4
app.rb

@ -6,7 +6,7 @@ use Rack::Session::Cookie, key: 'neocities',
expire_after: 31556926, # one year in seconds expire_after: 31556926, # one year in seconds
secret: $config['session_secret'], secret: $config['session_secret'],
httponly: true, httponly: true,
same_site: true, same_site: :lax,
secure: ENV['RACK_ENV'] == 'production' secure: ENV['RACK_ENV'] == 'production'
use Rack::Recaptcha, public_key: $config['recaptcha_public_key'], private_key: $config['recaptcha_private_key'] use Rack::Recaptcha, public_key: $config['recaptcha_public_key'], private_key: $config['recaptcha_private_key']
@ -25,7 +25,7 @@ helpers do
end end
end end
set :protection, :frame_options => "ALLOW-FROM #{$config['surf_iframe_source']}" set :protection, :frame_options => "DENY"
GEOCITIES_NEIGHBORHOODS = %w{ GEOCITIES_NEIGHBORHOODS = %w{
area51 area51