DGNum/demarches-normaliennes
13
1
Fork 0
Code Issues 1 Pull requests Projects Releases Packages Wiki Activity

chore: cookies with "secure" flag (only transmitted through https)

Browse source
This commit is contained in:
Colin Darie 2024-07-03 11:04:16 +02:00
parent b3ccfc16c4
commit 1eb0bdb4ae
No known key found for this signature in database
GPG key ID: 4FB865FDBCA4BCC4
6 changed files with 10 additions and 7 deletions
Download patch file Download diff file Expand all files Collapse all files

3
app/controllers/application_controller/long_lived_authenticity_token.rb
View file

@ -24,7 +24,8 @@ module ApplicationController::LongLivedAuthenticityToken
cookies.signed[COOKIE_NAME] = {
value: csrf_token,
expires: 1.year.from_now,
httponly: true
httponly: true,
secure: Rails.env.production?
}
session[:_csrf_token] = csrf_token