chore(cookies): cookies http only

This commit is contained in:
Colin Darie 2024-07-03 11:54:10 +02:00
parent 1eb0bdb4ae
commit 990dfbcf9e
No known key found for this signature in database
GPG key ID: 4FB865FDBCA4BCC4
4 changed files with 5 additions and 4 deletions

View file

@ -12,8 +12,8 @@ class AgentConnect::AgentController < ApplicationController
def login
uri, state, nonce = AgentConnectService.authorization_uri
cookies.encrypted[STATE_COOKIE_NAME] = { value: state, secure: Rails.env.production? }
cookies.encrypted[NONCE_COOKIE_NAME] = { value: nonce, secure: Rails.env.production? }
cookies.encrypted[STATE_COOKIE_NAME] = { value: state, secure: Rails.env.production?, httponly: true }
cookies.encrypted[NONCE_COOKIE_NAME] = { value: nonce, secure: Rails.env.production?, httponly: true }
redirect_to uri, allow_other_host: true
end

View file

@ -117,7 +117,7 @@ class ApplicationController < ActionController::Base
def set_locale(locale)
if locale && locale.to_sym.in?(I18n.available_locales)
cookies[:locale] = { value: locale, secure: Rails.env.production? }
cookies[:locale] = { value: locale, secure: Rails.env.production?, httponly: true }
if user_signed_in?
current_user.update(locale: locale)
end

View file

@ -249,6 +249,7 @@ module Instructeurs
cookies.encrypted[cookies_export_key] = {
value: DateTime.current,
expires: Export::MAX_DUREE_GENERATION + Export::MAX_DUREE_CONSERVATION_EXPORT,
httponly: true,
secure: Rails.env.production?
}

View file

@ -1,3 +1,3 @@
# Be sure to restart your server when you modify this file.
Rails.application.config.session_store :cookie_store, key: '_DS_session', secure: Rails.env.production?
Rails.application.config.session_store :cookie_store, key: '_DS_session', secure: Rails.env.production?, httponly: true