chore: cookies with "secure" flag (only transmitted over HTTPS)
parent
b3ccfc16c4
commit
1eb0bdb4ae
6 changed files with 10 additions and 7 deletions
@ -12,8 +12,8 @@ class AgentConnect::AgentController < ApplicationController
def login
def login
uri, state, nonce = AgentConnectService.authorization_uri
uri, state, nonce = AgentConnectService.authorization_uri
cookies.encrypted[STATE_COOKIE_NAME] = state
cookies.encrypted[STATE_COOKIE_NAME] = { value: state, secure: Rails.env.production? }
cookies.encrypted[NONCE_COOKIE_NAME] = nonce
cookies.encrypted[NONCE_COOKIE_NAME] = { value: nonce, secure: Rails.env.production? }
redirect_to uri, allow_other_host: true
redirect_to uri, allow_other_host: true
end
end
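Review bot: The state and nonce cookies written on the two changed lines gain `secure:` but not `httponly: true`, unlike the signed CSRF cookie and the trusted-device cookie elsewhere in this commit; nothing in the hunk suggests client-side script reads them, so `cookies.encrypted[STATE_COOKIE_NAME] = { value: state, secure: Rails.env.production?, httponly: true }` (and the same for the nonce) would close that gap. Gating the flag on `Rails.env.production?` also means any non-production environment served over TLS (staging, review apps) sends these cookies without the Secure attribute; the same pattern is repeated in the ApplicationController, LongLivedAuthenticityToken, Instructeurs, TrustedDeviceConcern and session_store hunks. If `config.force_ssl` is enabled for production, the SSL middleware already marks every cookie Secure and the per-cookie flags are redundant — worth deciding which mechanism is the source of truth, and centralising the condition in one place rather than copying it into six files. The `login` action is fully visible in this hunk.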
@ -117,7 +117,7 @@ class ApplicationController < ActionController::Base
def set_locale(locale)
def set_locale(locale)
if locale && locale.to_sym.in?(I18n.available_locales)
if locale && locale.to_sym.in?(I18n.available_locales)
cookies[:locale] = locale
cookies[:locale] = { value: locale, secure: Rails.env.production? }
if user_signed_in?
if user_signed_in?
current_user.update(locale: locale)
current_user.update(locale: locale)
end
end
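Review bot: `cookies[:locale]` on the changed line is a plain, unsigned cookie, so `secure:` only protects it in transit and the value remains freely settable on the client; the check against `I18n.available_locales` here guards only the write path, and the read path is outside this hunk, so it should be confirmed to validate the cookie value the same way before handing it to I18n. As with the other cookies in this commit, `httponly: true` could be added unless a front-end script needs to read the locale. Only the `if` block closes at the end of the hunk; the `set_locale` method continues beyond it.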
@ -24,7 +24,8 @@ module ApplicationController::LongLivedAuthenticityToken
cookies.signed[COOKIE_NAME] = {
cookies.signed[COOKIE_NAME] = {
value: csrf_token,
value: csrf_token,
expires: 1.year.from_now,
expires: 1.year.from_now,
httponly: true
httponly: true,
secure: Rails.env.production?
}
}
session[:_csrf_token] = csrf_token
session[:_csrf_token] = csrf_token
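Review bot: The long-lived CSRF cookie on the changed lines is now `httponly` and `secure`, but no `same_site:` attribute is set here, nor on the trusted-device cookie in the TrustedDeviceConcern hunk; a one-year cookie that carries the CSRF token is exactly the kind where an explicit `same_site: :lax` (or `:strict` if no cross-site entry point needs it) is worth stating next to the other attributes rather than left to the framework default. Rails 6.1 and later apply `config.action_dispatch.cookies_same_site_protection` (lax by default) to every cookie, so this may already be covered — the Rails version is not visible on this page, so that needs checking. The method that writes this cookie starts outside the hunk.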
@ -248,7 +248,8 @@ module Instructeurs
@export_templates = current_instructeur.export_templates_for(@procedure).includes(:groupe_instructeur)
@export_templates = current_instructeur.export_templates_for(@procedure).includes(:groupe_instructeur)
cookies.encrypted[cookies_export_key] = {
cookies.encrypted[cookies_export_key] = {
value: DateTime.current,
value: DateTime.current,
expires: Export::MAX_DUREE_GENERATION + Export::MAX_DUREE_CONSERVATION_EXPORT
expires: Export::MAX_DUREE_GENERATION + Export::MAX_DUREE_CONSERVATION_EXPORT,
secure: Rails.env.production?
}
}
respond_to do |format|
respond_to do |format|
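Review bot: The export-timestamp cookie on the changed lines gets `secure:` but, unlike the two other hash-form cookies in this commit, no `httponly: true`; nothing in the hunk shows a client-side reader for it, so adding `httponly: true,` above `secure: Rails.env.production?` would keep the three cookie definitions consistent. Separately, `value: DateTime.current` is untouched by the commit, but `Time.current` is the preferred API and `DateTime` is legacy; the cookie is encrypted, so its contents are opaque to the client either way. The enclosing action starts and ends outside the hunk.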
@ -8,7 +8,8 @@ module TrustedDeviceConcern
cookies.encrypted[TRUSTED_DEVICE_COOKIE_NAME] = {
cookies.encrypted[TRUSTED_DEVICE_COOKIE_NAME] = {
value: JSON.generate({ created_at: start_at }),
value: JSON.generate({ created_at: start_at }),
expires: start_at + TRUSTED_DEVICE_PERIOD,
expires: start_at + TRUSTED_DEVICE_PERIOD,
httponly: true
httponly: true,
secure: Rails.env.production?
}
}
end
end
@ -1,3 +1,3 @@
# Be sure to restart your server when you modify this file.
# Be sure to restart your server when you modify this file.
Rails.application.config.session_store :cookie_store, key: '_DS_session'
Rails.application.config.session_store :cookie_store, key: '_DS_session', secure: Rails.env.production?